RH-ISAC Joins National Task Force for Fraud & Scam Prevention

Washington, D.C. (July 18, 2024) – Today, the Aspen Institute Financial Security Program (Aspen FSP) is announcing the formation of a National Task Force for Fraud & Scam Prevention, an initiative that will bring together leading stakeholders from government, law enforcement, private industry, and civil society to develop a nation-wide strategy aimed at helping prevent…


GitLab Pipeline Vulnerability Affects Community and Enterprise Versions; Patch Available

Summary: A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. The vulnerability, tracked as CVE-2024-5655, impacts all GitLab CE/EE versions from 15.8 through 16.11.4, 17.0.0 to 17.0.2, and 17.1.0 to 17.1.0. GitLab has addressed the vulnerability by releasing versions 17.1.1, 17.0.3, and 16.11.5, and…


SolarWinds Serv-U Vulnerability Under Active Attack; Patch Available

Context: A recently patched high-severity flaw, tracked as CVE-2024-28995, impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. A patch is available for affected SolarWinds customers. Community Impact: Successful exploitation of this vulnerability could be a potential steppingstone for attackers. By gaining access to sensitive information like credentials…


CDK Global Cyberattack Impacts Thousands of US Car Dealerships

Context: Car dealership software-as-a-service (SaaS) provider CDK Global has been impacted by a large-scale cyberattack, causing the company to shut down a portion of its systems and leaving clients unable to operate their businesses normally. Community Impact: The outage and restoration of CDK Global services impacts a portion of the RH-ISAC Core Membership and is notable due to…


Retail & Hospitality ISAC Announces New Critical Provider Program

Vienna, VA (June 20, 2024) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) announces their new critical provider program in partnership with Google Cloud Security, Microsoft, Palo Alto Networks, and Akamai as tier three associate members. These companies will be supporting RH-ISAC, its board of directors, and Core Membership as strategic partners dedicated…
