InfoSecBulletin Cybersecurity for mankind
The U.S. federal agency CISA has included CVE-2023-7028 in its Known Exploited Vulnerabilities Catalog. This means that the vulnerability is currently being targeted by attackers. CISA has instructed federal agencies to protect their systems by May 22, giving them a deadline of three weeks.
The U.S. cybersecurity agency hasn’t shared any information about ongoing attacks using the serious GitLab security bug. But they confirmed there is no evidence that it’s being used in ransomware attacks.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said today.
Private organizations using GitLab DevOps platform should also prioritize patching the vulnerability to prevent attacks.
GitLab has important data like code and API keys. If someone takes over an account, it can cause big problems. They could also insert harmful code in the CI/CD system to attack repositories.
