Key Cybersecurity Incidents & Developments | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Security Affairs Newsletter Round 454: Major Cybersecurity Incidents and Developments



GitLab has fixed a severe zero-click account hijacking flaw. The flaw, tracked as CVE-2023-7028, could allow account takeover via arbitrary, unverified email addresses. Successful exploitation required no user interaction, posing a significant threat to user data. The issue was discovered and reported by the security researcher ‘Asterion’ via the HackerOne bug bounty platform. GitLab has released versions 16.7.2, 16.5.6, and 16.6.4 to address this critical issue, with the fix also backported to 16.1.6, 16.2.9, and 16.3.7. While no active exploitation has been detected, GitLab has published signs of compromise for defenders.


Juniper Networks Takes Action


Juniper Networks has addressed a critical remote code execution bug in its firewalls and switches, further strengthening its security infrastructure. This action underlines the tech company’s commitment to safeguarding its users from potential cyber threats.


Indonesia Grapples with Voter Data Leaks


As Indonesia prepares for the 2024 Presidential Election, concerns over voter data leaks have surfaced. This situation raises significant questions about data security and electoral integrity. The Indonesian government is expected to take necessary measures to address this issue and prevent potential manipulation in the upcoming election.


Team Liquid’s Wiki Leak


Approximately 118,000 users were affected by an information leak from Team Liquid’s wiki. The incident underscores the need for robust security measures in safeguarding user data.


CISA Updates Known Exploited Vulnerabilities Catalog


The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities catalog, adding bugs from Ivanti and Microsoft SharePoint. This move is in line with CISA’s commitment to keeping cybersecurity professionals informed about potential threats.


Mandiant ..
