November 4, Help Net Security – (International) GitLab plugs critical flaw in its code repository manager software. GitLab released security updates for its Community Edition (CE) and Enterprise Edition (EE) of its code repository manager software resolving a critical flaw in the import/export project feature that did not adequately check for symbolic links in user-provided archives, thereby allowing an authenticated user to access the contents of any file accessible to the GitLab service account. Source
November 3, SecurityWeek – (International) PLCs vulnerable to stealthy pin control attacks. Security researchers at the Black Hat Europe 2016 security conference discovered two new attack methods involving manipulating programmable logic controllers’ (PLCs) input and output at a low level, thereby allowing attackers to control the physical processes managed by the PLCs without triggering any alarms. The first method involves changing the pin’s configuration and allows malware in the PLC to switch a pin from input to output, or vice-versa, while the second attack method involves multiplexing and changes the functionality of the same pin. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report