Key Cybersecurity Incidents & Developments | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Security Affairs Newsletter Round 454: Major Cybersecurity Incidents and Developments

In a significant advancement for user protection, GitLab has fortified its security measures by rectifying a severe zero-click account hijacking flaw. This flaw, identified as CVE-2023-7028, had the potential to allow account takeover via arbitrary, unverified email addresses. A successful exploitation did not require any interaction, posing a significant threat to user data. The issue was discovered and reported by a security researcher ‘Asterion,’ via the HackerOne bug bounty platform. GitLab has released versions 16.7.2, 16.5.6, and 16.6.4 to address this critical issue, with the fix also backported to 16.1.6, 16.2.9, and 16.3.7. While no active exploitation cases have been detected, GitLab has released signs of compromise for defenders.

Juniper Networks Takes Action

Juniper Networks has addressed a critical remote code execution bug in its firewalls and switches, further strengthening its security infrastructure. This action underlines the tech company’s commitment to safeguarding its users from potential cyber threats.

Indonesia Grapples with Voter Data Leaks

As Indonesia prepares for the 2024 Presidential Election, concerns over voter data leaks have surfaced. This situation raises significant questions about data security and electoral integrity. The Indonesian government is expected to take necessary measures to address this issue and prevent potential manipulation in the upcoming election.

Team Liquid’s Wiki Leak

Approximately 118,000 users were affected by an information leak from Team Liquid’s wiki. The incident underscores the need for robust security measures in safeguarding user data.

CISA Updates Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities catalog, adding bugs from Ivanti and Microsoft SharePoint. This move is in line with CISA’s commitment to keeping cybersecurity professionals informed about potential threats.

Mandiant Account Compromise

An account of Mandiant, a leading cybersecurity firm, was compromised due to inadequate protection. The incident serves as a reminder of the vulnerabilities that even cybersecurity firms can face and the need for constant vigilance.

Saudi Ministry’s Data Exposure

A security lapse led to the exposure of sensitive data of the Saudi Ministry for a staggering duration of 15 months. The incident highlights the need for stringent security measures and regular audits to prevent such mishaps.

Transnational Cybercrime Investigation

The Department of Justice charged 19 individuals in a transnational cybercrime investigation related to the xDedic Marketplace. The charges underline the global nature of cybercrime and the need for international cooperation in tackling such threats.


Click Here For The Original Source.

National Cyber Security