GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited to hijack an account without any interaction. “An issue has been discovered in GitLab CE/EE…

Compromised Facebook business accounts are being used to run bogus ads that employ “revealing photos of young women” as lures to trick victims into downloading an updated version of a malware called NodeStealer. “Clicking on ads immediately downloads an archive containing a malicious .exe ‘Photo Album’ file which also drops a second executable written in…

Trend Micro is presenting the research this week at SecurityWeek’s 2022 ICS Cyber Security Conference in Atlanta, which can also be joined online via SecurityWeek’s virtual event platform. Registration for the event is still open. CNC machines can be programmed to carry out a wide range of tasks with a high level of efficiency, consistency…

The malicious code, discovered in late March, was found in the php-src repository hosted on the git.php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code. PHP developers said the backdoor was discovered before it was pushed out to users via an update. Initially, users were told that…

Serving articles about the Perl programming language since 1997 and managed by The Perl Foundation, the domain started pointing to a parked site at the end of January, with evidence suggesting connections to sites distributing malware. The issue, some of those involved with maintaining the site said at the time, was related to an account…

RDP hijacking definition One means of compromising systems cherished by malware authors is Remote Desktop Protocol (RDP). It provides a convenient way for system administrators to manage Windows systems and help users with troubleshooting an issue. RDP hijacking attacks often exploit legitimate features of the RDP service rather than purely relying on a vulnerability or…

Fireball: Adware with potential nuclear consequences

Advertising can sometimes be annoying — and sometimes it can be malicious. Businesses that make their money selling advertisements sometimes go too far trying to make sure you see their ads. Recently researchers found that one such business — a big digital-marketing agency — went as far as installing adware on 250 million computers running…