CISA Alerts on Exploited Microsoft and GitLab Flaws; Urges Immediate Patching
May 3, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about exploited vulnerabilities in Microsoft SmartScreen and GitLab.
The Microsoft SmartScreen flaw could let attackers bypass security warnings and run harmful files.
The GitLab issue allows attackers to hijack accounts by sending password reset emails to unverified email addresses.
Both Microsoft and GitLab have released updates to fix these security gaps.
CISA requires US agencies to patch these vulnerabilities within three weeks and advises IT administrators worldwide to do the same urgently.
Although CISA did not detail the exact nature of the attacks, GitLab's advisory says immediate action is critical.
Summary based on 5 sources
Sources
The Hacker News • May 2, 2024
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
SecurityWeek • May 2, 2024
1,400 GitLab Servers Impacted by Exploited Vulnerability
Stack Diary • May 2, 2024
US alerts on exploitable GitLab flaw permitting account takeovers - Stack Diary
Security Affairs • May 2, 2024
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog