28Juin 2024 by

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

Actualités
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the
Read More
28Juin 2024 by

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

Actualités
Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms," Trend Micro researchers Ahmed
Read More
28Juin 2024 by

Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors

Actualités
The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS.  SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS.  Security teams keep jamming on-prem
Read More