GitLab

Enhance security with the Sonatype Lifecycle and GitLab Ultimate integration

Enhance security with the Sonatype Lifecycle and GitLab Ultimate integration

| | GitLab, integrations, News and Views, Sonatype Lifecycle
For an organization to place greater emphasis on software supply chain security, seamless integrations that enhance visibility and streamline workflows remain essential. Sonatype is thrilled to unveil an enhanced integration between Sonatype ...
2024 Sonatype Blog
Cybersecurity Insights with Contrast CISO David Lindner | 7/12/24

Cybersecurity Insights with Contrast CISO David Lindner | 7/12/24

| | AI, GitLab, Vulnerabilities
Insight #1 Are we overburdening CISOs? According to CSO Online, the scope of responsibilities and titles held by CISOs has expanded significantly, with the title of “CISO” morphing into a dual title, ...
AppSec Observer
GitLab Authentication Bypass Vulnerability (CVE-2024-6385) Notification

GitLab Authentication Bypass Vulnerability (CVE-2024-6385) Notification

| | Blog, CVE-2024-6385, Emergency Response, GitLab, pipeline
Overview Recently, NSFOCUS CERT detected that GitLab issued a security announcement and fixed the identity bypass vulnerability (CVE-2024-6385) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to the incomplete fixing ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

CISA Alert: GitLab Password Exploit – Act Now For Protection

| | , cisa, CVE-2023-7028, Cybersecurity, Cybersecurity News, GitLab, Incident Response, Linux Infrastructure, Multi-Factor Authentication (MFA), Password Exploit, patch management, security best practices, Supply Chain Attacks, two-factor-authentication.2fa, Vulnerabilities
In the realm of cybersecurity, vigilance is paramount. Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) flagged a critical vulnerability in GitLab, a popular platform for collaborative software development. This GitLab ...
TuxCare
Extreme closeup of “TEN” on US$10 note

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

| | cisa, CISA Advisories, CISA Advisory, CISA Alert, CISA KEV, cisa known exploited vulnerabilities, cisa known exploited vulnerabilities catalog, CISA Threat Update, CISA warning, CISA.gov, CVE-2023-7028, CVSS10, Cybersecurity Infrastructure Security Administration, GitLab, GitLab Community Edition, GitLab CVE-2023-7028 CVE-2023-5356, GitLab Enterprise Edition, GitLab Patches, GitLab Security, GitLab Vulnerability, NSA/CISA, Password reset, Password reset protection, SB Blogwatch, software supply chain, software supply chain attack, software supply chain attacks, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity
Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability ...
Security Boulevard

Python Snake Info Stealer Spreading Via Facebook Messages

| | credential theft, cyber attacks, cyber defense, cyber threat intelligence, Cyber threat landscape, Cybereason, Cybersecurity, Cybersecurity Measures, Cybersecurity News, Data breaches, Facebook Messages, GitLab, Information Stealing, Malicious Scripts, Malware, Proactive Security, PyInstaller, Python Snake Info Stealer, threat actors, Web Browsers
As per recent reports, threat actors are increasingly leveraging Facebook messages to distribute the Python Snake Info Stealer malware. Researchers have noticed that threat actors are using three variants of the information ...
TuxCare
GitLab Arbitrary File Write Vulnerability (CVE-2024-0402) Alert

GitLab Arbitrary File Write Vulnerability (CVE-2024-0402) Alert

| | Blog, CVE-2024-0402, Emergency Response, File Write Vulnerability, GitLab
Overview Recently, NSFOCUS CERT detected that GitLab officially released a security announcement and fixed an arbitrary file write vulnerability (CVE-2024-0402) in GitLab Community Edition (CE) and Enterprise Edition (EE). Due to path ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
credential stuffing password

GitLab Releases Urgent Security Updates for Critical Flaw

| | Cybersecurity, DEVOPS, GitLab, vulnerability
GitLab is rolling out security patches that fix a bug that could let attackers leverage scheduled security scan policies to run pipelines as an arbitrary user. Bad actors exploiting the flaw could ...
Security Boulevard
GitLab Unauthorized Call Vulnerability (CVC-2023-5009) Notification

GitLab Unauthorized Call Vulnerability (CVC-2023-5009) Notification

| | Blog, CVC-2023-5009, Emergency Response, GitLab
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Who’s Behind the 8Base Ransomware Website?

Who’s Behind the 8Base Ransomware Website?

| | @htmalgae, 8Base Ransomware, A Little Sunshine, Andrei Kolev, GitLab, JCube Group, Ne'er-Do-Well News, Ransomware, VMware
The victim shaming website operated by the cybercriminals behind 8Base -- currently one of the more active ransomware groups -- was until earlier today leaking quite a bit of information that the ...
Krebs on Security
Load more