CISA Alerts on Exploited Microsoft and GitLab Flaws; Urges Immediate Patching

May 3, 2024
CISA Alerts on Exploited Microsoft and GitLab Flaws; Urges Immediate Patching
Tech
Tech
Cybersecurity
Cybersecurity

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about exploited vulnerabilities in Microsoft Smartscreen and GitLab.

  • Microsoft Smartscreen's flaw could let attackers bypass security warnings and run harmful files.

  • The GitLab issue allows attackers to hijack accounts by sending password reset emails to unverified email addresses.

  • Both Microsoft and GitLab have released updates to fix these security gaps.

  • CISA mandates US agencies to patch these vulnerabilities within three weeks and advises global IT administrators to do the same urgently.

  • While the exact nature of the attacks wasn't detailed by CISA, immediate action is critical as per GitLab's advisory.

Summary based on 5 sources

Get a daily email with more Tech stories

Sources

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

The Hacker News • May 2, 2024

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
1,400 GitLab Servers Impacted by Exploited Vulnerability

SecurityWeek • May 2, 2024

1,400 GitLab Servers Impacted by Exploited Vulnerability
US alerts on exploitable GitLab flaw permitting account takeovers - Stack Diary

Stack Diary • May 2, 2024

US alerts on exploitable GitLab flaw permitting account takeovers - Stack Diary
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

Security Affairs • May 2, 2024

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

More Stories