Month: November 2021

0 Comments
A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The
0 Comments
by Paul Ducklin Here’s the second in our series of Naked Security Podcast minisodes for Week 4 of Cybersecurity Awareness month. To access all four presentations on one page, please go to:https://nakedsecurity.sophos.com/tag/sos-2021 This article is an interview with Sophos expert Chester Wisniewski, Principal Research Scientist at Sophos, and it’s full of useful and actionable advice
0 Comments
Cyber-criminals may have accessed the protected health information (PHI) of hundreds of thousands of patients of a network of community health centers based in California. Nonprofit Community Medical Centers (CMC), which is headquartered in the city of Stockton, primarily serves low-income patients, migrants, and homeless people in the Northern California counties of San Joaquin, Solano,
0 Comments
Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from
0 Comments
by Paul Ducklin [00’29”] Don’t miss our cybersecurity podcast minisodes! [01’46”] Bliss is a hill in wine country. [03’37”] Lessons from a cryptotrading hamster. [08’46”] Ransomware gang hacked back. [20’27”] Docusign phishers go after 2FA codes. [30’23”] Oh! No! Sleep mode considered harmful. With Paul Ducklin and Doug Aamoth. Intro and outro music by Edith