GitLab has issued a warning about a serious vulnerability in its GitLab Community and Enterprise editions. This vulnerability allows attackers to execute pipeline jobs as if they were another user. GitLab’s DevSecOps platform is used by more than 30 million registered users, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, …

Adobe released security updates to fix several vulnerabilities in their software. These vulnerabilities could be used by cyber attackers to gain control of a system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply necessary updates: Security Updates Available for Adobe Premiere Pro | APSB24-46: …

OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm. CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage …

The Pakistan Ministry of Information Technology and Telecommunication has given permission to the Inter-Services Intelligence (ISI) to intercept citizens’ phone communications for national security reasons. Issued on Monday, the ministry’s notification — a copy of which is available with Dawn.com — said that the authorisation was granted to the ISI …

Citrix has warned users about severe vulnerabilities in their widely-used NetScaler products. These vulnerabilities, known as CVE-2024-6235 and CVE-2024-6236, could potentially allow unauthorized access to sensitive information and cause denial-of-service (DoS) attacks. CVE-2024-6235: Sensitive Information Disclosure (Critical Severity) The flaw in the NetScaler Console (previously known as NetScaler ADM) is …

Microsoft’s July 2024 Patch Tuesday includes security updates for 142 flaws, including two zero-days that are actively exploited and two that are publicly disclosed. This Patch Tuesday fixed five critical vulnerabilities, all of which were remote code execution flaws. July 2024 Patch Tuesday Breakdown: Here is the breakdown of vulnerabilities …

Three emerging threats will be discussed below, along with how sandbox analysis can be utilized to detect them proactively. Lockbit Ransomware: The Lockbit ransomware is a major cybersecurity threat that appeared in 2019. It works as Ransomware-as-a-Service (RaaS), where affiliates use its software to carry out attacks. The Royal Mail …

Avast researchers found a security flaw in the DoNex ransomware and its previous versions, which allowed them to create a tool to decrypt the files. They shared this discovery at the Recon 2024 conference. Avast released a free decryptor in March 2024 to help victims recover their files. “All brands …

The Apache Software Foundation has warned about two serious security issues (CVE-2024-38346 and CVE-2024-39864) in Apache CloudStack, a popular open-source cloud computing platform. These vulnerabilities are a big threat to organizations using CloudStack to manage their virtualized infrastructure. Unauthenticated Cluster Service Port (CVE-2024-38346) The vulnerability CVE-2024-38346 is found in the …

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US issued a warning about a cyber espionage group called APT40, which is linked to China. The advisory cautions about the group’s capability to quickly and effectively use security flaws that are recently disclosed. “APT …