GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.
The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.
The

The Hacker News

Craig Newmark pledges $100M to fight hacking by foreign governments

Craigslist founder Craig Newmark plans to donate $100 million to further strengthen U.S. cybersecurity, addressing what he sees as a growing threat from foreign governments, he tells the WSJ. Half the funds will focus on protecting power grids and other infrastructure from cyberattacks; half will be earmarked to educate people about so-called cybersecurity hygiene.  Newmark, […]

Security News | TechCrunch

FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices

The FBI, in collaboration with U.S. government agencies, dismantled a Chinese state-backed botnet known as Flax Typhoon, comprising…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Everything you need to know about VPN tracking

A VPN (Virtual Private Network) adds privacy and security to your browsing. But does this make your internet…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Fal.Con 2024: CrowdStrike unveils resilient-by-design framework to bolster global cybersecurity

“It’s not only about bouncing back – it’s about staying ahead through a culture of resilience,” Kurtz emphasized during his keynote.

Security News | VentureBeat

Contractor Software Targeted via Microsoft SQL Server Loophole

By accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks.

darkreading

Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch

Thought to be Brazilian in origin, the remote access Trojan is the “perfect tool for a 21st-century James Bond.”

darkreading

Global Crime Hit as Europol Shuts Down Encrypted Chat App Ghost

Europol, alongside global law enforcement, dismantled the encrypted chat app Ghost, widely used by criminal networks for drug…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

FCC: AT&T Didn’t Adequately Protect Customers’ Cloud Data

Regulators fine AT&T $13 million for failing to protect customer information held by a third-party vendor, and extend consumer data protections to the cloud.

darkreading

Singapore mandates face authentication for ‘higher risk’ bank transactions

The move comes amid growing phishing attacks targeting the financial services sector; most impacted by brand impersonation scams.

Latest stories for ZDNET in Security