Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On November 07, 2016

November 4, Help Net Security – (International) GitLab plugs critical flaw in its code repository manager software. GitLab released security updates for the Community Edition (CE) and Enterprise Edition (EE) of its code repository manager software, resolving a critical flaw in the import/export project feature. The feature did not adequately check for symbolic links in user-provided archives, which allowed an authenticated user to access the contents of any file accessible to the GitLab service account.

November 3, SecurityWeek – (International) PLCs vulnerable to stealthy pin control attacks. Security researchers at the Black Hat Europe 2016 security conference discovered two new attack methods that manipulate the input and output of programmable logic controllers (PLCs) at a low level, thereby allowing attackers to control the physical processes managed by the PLCs without triggering any alarms. The first method changes a pin’s configuration, allowing malware in the PLC to switch the pin from input to output or vice versa, while the second method involves multiplexing and changes the functionality of the same pin.

Above reprinted from the USDHS Daily Open Source Infrastructure Report.

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.