Latest Stories

Stay up-to-date with everything at Approach

Blog article

Weekly Digest Week 18 – 2024

Publication date

03.05.2024

Featured Story

CISA Says GitLab Account Takeover Bug is Actively Exploited in Attacks

CISA has issued a warning about active exploitation of CVE-2023-7028, a maximum-severity vulnerability in GitLab. This flaw allows unauthenticated attackers to hijack GitLab accounts by exploiting improper access controls. Attackers can send password reset emails to addresses they control, change passwords, and take over accounts—without user interaction.

Given the sensitive nature of data stored on GitLab—such as source code, API keys, and CI/CD configuration—successful exploitation can lead to devastating supply chain attacks and unauthorized code insertion in software environments.

SOC Analysis: Given the critical nature of the data hosted on GitLab, such an account hijacking can have far-reaching impacts. It can lead to supply chain attacks, compromising repositories by inserting malicious code in CI/CD environments.

Organisations must urgently patch their GitLab instances. Enabling two-factor authentication (2FA) provides an essential layer of protection and can prevent exploitation of this vulnerability.


Other Stories

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

HPE Aruba Networking has released patches addressing four critical buffer overflow vulnerabilities (CVSS 9.8) in ArubaOS. These flaws could be exploited by unauthenticated attackers to execute remote code on affected systems.

SOC Analysis: Make sure all impacted ArubaOS devices are patched without delay. Upgrade any end-of-life devices and monitor for signs of compromise in your logs. Exploitation could lead to full control of networked devices.

Security Breach Exposes Dropbox Sign Users

Dropbox has confirmed a breach affecting Dropbox Sign, compromising data such as email addresses, usernames, hashed passwords, and API keys. Even non-registered users who interacted with the platform were affected.

SOC Analysis: This breach demonstrates the importance of securing third-party integrations. Reset all affected credentials, including API keys and MFA tokens. Avoid password reuse across services, and consider rotating secrets in critical environments.

Okta: Credential-Stuffing Attacks Spike via Proxy Networks

Okta has detected a surge in credential-stuffing attacks using anonymizing networks like Tor and residential proxy services. These attacks exploit login forms across organizations to gain unauthorized access.

SOC Analysis: Implementing strong MFA, anomaly detection, and IP-based restrictions can thwart these attacks. Okta admins should consider enabling the new feature that blocks requests from anonymizing networks directly in the Admin Console.

Want to enhance your organization’s cyber awareness or compliance strategy? Contact the Approach Cyber SOC team for tailored support and training programs.

OTHER STORIES

Contact us to learn more about our services and solutions

Our team will help you start your journey towards cyber serenity

Do you prefer to send us an email?