
Hot topics: GitLab takeover, Ivanti Connect Secure zero-days being exploited


TLDR:

  • A critical flaw in GitLab allows attackers to reset user account passwords.
  • Attackers are actively exploiting zero-day vulnerabilities in Ivanti Connect Secure VPN devices.
  • Researchers have discovered vulnerabilities in Bosch Rexroth nutrunners that could disrupt automotive production.
  • Microsoft has released fixes for critical flaws in Windows Kerberos and Hyper-V.
  • The US Securities and Exchange Commission Twitter account was hacked to announce the approval of Bitcoin ETFs.

A critical vulnerability in GitLab allows attackers to reset other users' account passwords without any interaction from the victim: the password-reset flow could be made to deliver the reset link to an unverified, attacker-controlled email address. The flaw, tracked as CVE-2023-7028, affects both GitLab CE and EE. Organizations using GitLab are advised to upgrade to a patched release as soon as possible.
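Two checks a practitioner would want for this item, as an added example that is not code from the original article or from GitLab: a version test against the fixed releases GitLab listed in its advisory (16.1.6, 16.2.9, 16.3.7, 16.4.5, 16.5.6, 16.6.4, 16.7.2), and a scan of production_json.log for the request shape the advisory describes as an indicator of exploitation, namely a password-reset POST whose email parameter is a JSON array containing more than one address. The exact log field layout is an assumption, and the sample log lines are constructed for the example.

```python
"""Added example: two checks for the GitLab password-reset flaw (CVE-2023-7028).
Not code from the original article or from GitLab. The fixed-version table and
the log pattern follow GitLab's published advisory; the log field layout is an
assumption and the sample log lines are constructed for this example."""
import json

# Releases that carry the fix, keyed by (major, minor). Anything older within
# the same series is affected; series outside 16.1 to 16.7 are not in scope.
FIXED_IN = {
    (16, 1): (16, 1, 6),
    (16, 2): (16, 2, 9),
    (16, 3): (16, 3, 7),
    (16, 4): (16, 4, 5),
    (16, 5): (16, 5, 6),
    (16, 6): (16, 6, 4),
    (16, 7): (16, 7, 2),
}

# Constructed sample of newline-delimited JSON, trimmed to the fields the check
# needs. Line 2 is the exploit shape: two addresses in one reset request.
SAMPLE_LOG = """\
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":"alice@example.com"}}],"remote_ip":"192.0.2.10","time":"2024-01-12T10:00:00.000Z"}
{"method":"POST","path":"/users/password","params":[{"key":"user","value":{"email":["victim@example.com","attacker@example.net"]}}],"remote_ip":"198.51.100.7","time":"2024-01-12T10:01:00.000Z"}
{"method":"GET","path":"/users/sign_in","params":[],"remote_ip":"192.0.2.11","time":"2024-01-12T10:02:00.000Z"}
this line is not JSON and must be skipped, not crash the scan
"""


def is_vulnerable_version(version: str) -> bool:
    """True if a GitLab version string (e.g. '16.7.1-ee') predates the fix."""
    numeric = version.split("-")[0]  # drop the '-ee' / '-ce' edition suffix
    parts = tuple(int(p) for p in numeric.split(".")[:3])
    fixed = FIXED_IN.get(parts[:2])
    return fixed is not None and parts < fixed


def reset_emails(entry: dict):
    """Return the 'email' value of a POST to /users/password, else None.
    Assumed layout: params is a list of {"key": ..., "value": ...} objects."""
    if entry.get("method") != "POST" or entry.get("path") != "/users/password":
        return None
    for param in entry.get("params", []):
        value = param.get("value") if isinstance(param, dict) else None
        if isinstance(value, dict) and "email" in value:
            return value["email"]
    return None


def is_multi_email_reset(entry: dict) -> bool:
    """A reset request carrying more than one address is the indicator."""
    emails = reset_emails(entry)
    return isinstance(emails, list) and len(emails) > 1


def find_suspicious_resets(log_text: str) -> list:
    """Scan JSON log lines; malformed lines are skipped so one bad line
    cannot hide later hits."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_multi_email_reset(entry):
            hits.append({"time": entry.get("time"),
                         "remote_ip": entry.get("remote_ip"),
                         "emails": reset_emails(entry)})
    return hits


if __name__ == "__main__":
    for v in ("16.7.1-ee", "16.7.2-ee", "16.0.8"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "not affected")
    for hit in find_suspicious_resets(SAMPLE_LOG):
        print("suspicious reset:", hit)
```

Run against a real instance by feeding `find_suspicious_resets` the contents of gitlab-rails/production_json.log; a hit means the reset link for the listed victim address was also mailed to the other address in the array, so that account should be treated as compromised regardless of whether the upgrade has since been applied.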

Two zero-day vulnerabilities in Ivanti Connect Secure VPN devices, tracked as CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection), are being actively exploited. Chained together, they let an unauthenticated remote attacker execute arbitrary commands on the appliance and gain access to sensitive information. Organizations using Ivanti Connect Secure are advised to follow Ivanti's mitigation guidance and apply patches as soon as they are available.

Researchers have discovered over two dozen vulnerabilities in Bosch Rexroth nutrunners, which are used in automotive manufacturing. Exploiting these vulnerabilities could render the nutrunners inoperable or lead to unreliable output, potentially disrupting automotive production lines.

Microsoft's January 2024 Patch Tuesday fixes 49 vulnerabilities, two of them rated critical: CVE-2024-20674, a security feature bypass in Windows Kerberos, and CVE-2024-20700, a remote code execution flaw in Windows Hyper-V. Organizations running the affected Microsoft products are advised to apply the updates immediately.

The Twitter account of the US Securities and Exchange Commission (SEC) was hijacked by an unknown attacker, who posted a false announcement that the SEC had approved the listing of Bitcoin ETFs on registered national securities exchanges. The post caused confusion in the cryptocurrency community before it was debunked.
