Connect with us

Press Release

Critical GitLab flaw permits account takeover by attackers

Published

on

Critical GitLab flaw permits account takeover by attackers

GitLab has patched a critical severity flaw that may have let remote attackers exploit hardcoded passwords to seize control of user accounts.

Both the Community Edition (CE) and Enterprise Edition of GitLab are impacted by the flaw, which was identified internally and is designated CVE-2022-1162 (EE).

During OmniAuth-based registration in GitLab CE/EE, static passwords were unintentionally set, which led to this vulnerability.

In a security advisory released on Thursday, the GitLab team stated that “a hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.”

In order to thwart such assaults, GitLab strongly advised users to update all GitLab installations right away to the most recent versions (14.9.2, 14.8.5, or 14.7.7).

We STRONGLY RECOMMEND UPGRADING TO THE LATEST VERSION AS SOON AS POSSIBLE FOR ALL INSTALLATIONS RUNNING A VERSION AFFECTED BY THE ISSUES DESCRIB

A code patch made two days ago reveals that GitLab removed the ‘lib/gitlab/password.rb’ file, which was used to give the ‘TEST DEFAULT’ constant a shoddy hardcoded password.

Some GitLab users had their passwords reset.
GitLab also stated that as part of the CVE-2022-1162 mitigation effort, it reset a select few GitLab.com users’ passwords.

Additionally, it did not discover any proof that any accounts had been compromised by hackers exploiting the hardcoded password security weakness.

As of 15:38 UTC, “We completed a reset of GitLab.com passwords for a chosen selection of users,” the GitLab staff stated.

Although there is no evidence to suggest that users’ or accounts’ security has been compromised, we are nonetheless taking precautions for our users’ safety.

A GitLab representative provided the information already included in the advisory with BleepingComputer when asked how many Gitlab.com users had their passwords reset, adding that they only did it for “a selected set of people.”

A programme to recognise affected user accounts
GitLab has developed a script that self-managed instance administrators can use to find user accounts that might be affected by CVE-2022-1162, despite the fact that the firm claims no user accounts have been compromised so far.

Administrators are urged to reset the users’ passwords after identifying any user accounts that might have been impacted.

GitLab claims that over 100,000 businesses utilise its DevOps platform, and it has over 30 million estimated registered users from 66 different nations.

Continue Reading

Press Release

Review of Bleeping Computer

Published

on

Review of Bleeping Computer

ComboFix is a tool made by sUBs that checks your computer for known malware and tries to automatically remove infestations when it finds any. In addition to being able to get rid of a lot of the most popular and up-to-date malware, ComboFix also shows a report that skilled assistants may use to get rid of malware that isn’t already eradicated by the programme.

Please be aware that executing this programme without supervision may result in improper operation of your computer. Run this programme only at the direction of a knowledgeable assistant.

At the moment, Windows 8.1 is not compatible with this programme, just Windows 8!

The author is collecting PayPal donations from people who want to support his work. By selecting the following picture, you may contribute:

Continue Reading

Press Release

FlexBooker reports a data breach, affecting more than 3.7 million accounts.

Published

on

FlexBooker reports a data breach, affecting more than 3.7 million accounts.

In an attack just before the holidays, the accounts of over three million customers of the American appointment scheduling service FlexBooker were taken, and they are now being exchanged on hacker forums.

The same hackers are also selling databases they claim to be from two other organisations: the Australian case management system rediCASE and the racing media outlet Racing.com.

Holiday breaches before
A few days before Christmas, there were supposedly three breaches, and the intruder posted the information on a hacking forum.

A popular programme for booking appointments and syncing employee calendars, FlexBooker, appears to be the source of the most recent data dump.

Owners of any company that needs to plan appointments, such as accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on, are among FlexBooker’s clients.

The group claiming responsibility for the attack appears to go by the name of Uawrongteam, and they published links to files and archives containing personal information, including pictures, driver’s licences, and other IDs.

The database, according to Uawrongteam, has a table with 10 million lines of client data, including everything from payment forms and charges to pictures taken for driver’s licences.

Names, emails, phone numbers, password salt, and hashed passwords are among the database’s “juicy columns,” according to the actor.

Customers of FlexBooker have received a data breach notification that confirms the attack and that data on the service’s Amazon cloud storage system was “accessed and downloaded” by the intruders.

The letter states that “our account on Amazon’s AWS servers was compromised on December 23, 2021, starting at 4:05 PM EST,” adding that the attackers did not obtain “any credit card or other payment card information.”

FlexBooker advised consumers to be on the lookout for strange or fraudulent activities, and to monitor account statements and credit reports.

For further information, the developer also directed users to a report on a distributed denial-of-service (DDoS) attack. It was then determined that some customers’ personal information had been obtained by the hackers.

The FlexBooker assault exposed email addresses, names, partial credit card information, passwords, and phone numbers for more than 3.7 million users, according to the data breach reporting service Have I Been Pwned.

Prior to FlexBooker, the threat actor known as Uawrongteam distributed links to material that was purportedly taken from Racing.com, a digital television station that broadcasts horse racing and offers news, stats, and event calendars associated with the sport.

The data from the Redbourne Gang’s rediCASE Case Management Software, which is utilised by numerous enterprises in addition to health and community agencies, looks to be another target of the same group.

Continue Reading

Press Release

Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which establishes in-store and on the internet payments technologies, for $100M (Omar Faridi/Crowdfund Expert).

Published

on

acquire Iceland-based Valitor

Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M (Omar Faridi/Crowdfund Insider)

Omar Faridi / Crowdfund Insider:
Rapyd, a “fintech-as-a-service” provider, to acquire Iceland-based Valitor, which develops in-store and online payments technologies, for $100M  —  – Twitter- Facebook- LinkedIn- Pinterest- Reddit- HackerNews- Telegram- Weibo- Email- Print- Subscribe

Continue Reading

Trending