 May 06, 2024
LATEST SECURITY NEWS & COMMENTARY
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
CISO Corner: Verizon DBIR Lessons; Workplace Microaggression; Shadow APIs
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: a Tech Tip on setting up DMARC, a DNS mystery from Muddling Meerkat, and a cybersecurity checklist for M&A transitions.
GAO: NASA Faces 'Inconsistent' Cybersecurity Across Spacecraft
The space agency needs to implement stricter policies and standards when it comes to its cybersecurity practices, but doing so the wrong way would put machinery at risk, a federal review found.
Paris Olympics Cybersecurity at Risk via Attack Surface Gaps
Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games.
Innovation, Not Regulation, Will Protect Corporations From Deepfakes
If CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately.
REvil Affiliate Off to Jail for Multimillion-Dollar Ransomware Scheme
Charges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering.
(Sponsored Article) Reduce Cloud Risks With CSPM and CNAPP
Cloud-native application protection platform and cloud security posture management can help minimize cloud errors through attack path analysis.
HOT TOPICS
UnitedHealth Congressional Testimony Reveals Rampant Security Fails
The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change Healthcare's backup strategy failed.

The 6 Data Security Sessions You Shouldn't Miss at RSAC 2024
Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI.

Safeguarding Your Mobile Workforce
Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks.

Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft
Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.

EDITORS' CHOICE
Dropbox Breach Exposes Customer Credentials, Authentication Data
Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info.
LATEST FROM THE EDGE

Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities
The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities.
LATEST FROM DR TECHNOLOGY

Anetac Targets Service Account Security
The new startup's identity and access management platform uncovers poorly monitored service accounts and secures them from abuse.
LATEST FROM DR GLOBAL

Amnesty International Cites Indonesia as a Spyware Hub
The growing amount of surveillance technology being deployed in the country is concerning due to Indonesia's increasing blows to citizens' civil rights.
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA