Patch/Configuration Management

GitLab has issued fixes for several security vulnerabilities through the latest versions of its Community Edition and Enterprise Edition software, BleepingComputer reports.

More than 200,000 Atlassian Confluence Data Center and Confluence Server instances could be compromised in intrusions targeting the high-severity remote code execution vulnerability, tracked as CVE-2024-21683, reports Cybernews.

The bug enables unauthenticated attackers to log into the Veeam Backup Enterprise Manager.

The move by Rockwell Automation was in response to heightened global tensions and concerns about potential attacks on critical infrastructure.

The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include security issues impacting NextGen Healthcare Mirth Connect and Google Chrome instances, according to Security Affairs.

CISA advises security teams to either patch immediately or simply replace the end-of-life routers.

Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.

In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.