CISA: Immediate GitLab account takeover flaw remediation crucial amid attacks | SC Media

(Photo Illustration by Rafael Henrique/SOPA Images/LightRocket via Getty Images)

Ongoing intrusions targeting GitLab instances impacted by the maximum severity account takeover vulnerability, tracked as CVE-2023-7028, have prompted the flaw’s inclusion in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the security issue by May 22, reports BleepingComputer.

No further details about the attacks have been disclosed. The flaw can be abused to trigger password reset emails for a targeted account and ultimately take it over. CISA did note, however, that it has seen no indication of the vulnerability being exploited in ransomware incidents.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” said CISA. The listing comes as Shadowserver found more than 2,000 internet-exposed GitLab instances still unpatched against CVE-2023-7028, less than half the number of vulnerable instances it identified in January, when GitLab issued the fixes.

Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed
in any form without prior authorization.