Alert!

Attackers bypass Microsoft SmartScreen and break into GitLab

The US cybersecurity agency CISA has discovered attacks on a gap in Microsoft SmartScreen and on a GitLab vulnerability.

Stylized image: spam and malware circling a computer

Attacks on security vulnerabilities lead to infection with malware.

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

The US cybersecurity agency CISA is currently warning of actively exploited vulnerabilities in the Microsoft SmartScreen filter and in GitLab. Security updates that close the gaps are already available; admins should install them now at the latest.

CISA writes in its notification that it has evidence of active exploitation of a SmartScreen vulnerability. Microsoft describes the flaw as a security feature bypass at the SmartScreen prompt. The attack scenario described by the developers in Redmond: attackers send specially crafted files to potential victims, for example by email or instant message, which the victims would then have to execute (CVE-2024-29988, CVSS 8.8, risk "high"). The April Patchday updates close the leak.

A critical vulnerability in GitLab, through which attackers could have password reset emails for any user sent to unverified email addresses and thus take over accounts, is now also being actively attacked, according to CISA. The GitLab developers had already provided updated software in January to close the gap (CVE-2023-7028, CVSS 10.0, critical).

US federal agencies are therefore required to close these gaps within three weeks. However, all IT managers, including those on this side of the Atlantic, are strongly advised to download and install the available updates immediately if they have not already done so.

CISA regularly adds new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, which lists vulnerabilities known to be abused in attacks by cybercriminals. However, the US IT security agency does not provide details of the observed attacks.
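The KEV catalog is also published as a machine-readable JSON feed at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, which makes it straightforward to match new entries against the vendors an organisation actually runs and to track the remediation deadline. The following Python script is an added example, not code from the article, from heise or from CISA: it parses a constructed sample in the shape of that feed (the field names are the ones CISA uses; the dates, product strings and the third placeholder entry are made up, only the two CVE IDs come from the article) and reports which entries affect a given vendor inventory and how many days remain until the due date.

```python
import json
from datetime import date, datetime

# Constructed sample in the shape of CISA's KEV JSON feed. Field names match the
# real feed; dates, product strings and the "ExampleVendor" entry are made up for
# illustration. Only CVE-2024-29988 and CVE-2023-7028 come from the article.
SAMPLE_KEV_JSON = """
{
  "title": "Constructed sample in the KEV feed format",
  "vulnerabilities": [
    {
      "cveID": "CVE-2024-29988",
      "vendorProject": "Microsoft",
      "product": "SmartScreen (constructed product string)",
      "dateAdded": "2024-04-30",
      "dueDate": "2024-05-21",
      "requiredAction": "Apply updates per vendor instructions."
    },
    {
      "cveID": "CVE-2023-7028",
      "vendorProject": "GitLab",
      "product": "GitLab (constructed product string)",
      "dateAdded": "2024-05-01",
      "dueDate": "2024-05-22",
      "requiredAction": "Apply updates per vendor instructions."
    },
    {
      "cveID": "CVE-0000-0000",
      "vendorProject": "ExampleVendor",
      "product": "placeholder entry for a product not in our inventory",
      "dateAdded": "2024-05-02",
      "dueDate": "2024-05-23",
      "requiredAction": "Apply updates per vendor instructions."
    }
  ]
}
"""


def load_kev(text):
    """Parse the KEV feed JSON and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def parse_day(s):
    """KEV dates are ISO calendar dates (YYYY-MM-DD)."""
    return datetime.strptime(s, "%Y-%m-%d").date()


def remediation_window_days(entry):
    """Days CISA granted between listing and the federal due date."""
    return (parse_day(entry["dueDate"]) - parse_day(entry["dateAdded"])).days


def triage(entries, inventory, today):
    """Return KEV entries whose vendorProject is in `inventory`, most urgent first.

    `inventory` is a set of vendor names (case-insensitive); `today` is a date.
    Each hit records the days left until the due date and whether it is overdue.
    """
    wanted = {v.casefold() for v in inventory}
    hits = []
    for e in entries:
        if e["vendorProject"].casefold() not in wanted:
            continue
        days_left = (parse_day(e["dueDate"]) - today).days
        hits.append({
            "cveID": e["cveID"],
            "vendorProject": e["vendorProject"],
            "product": e["product"],
            "dueDate": e["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "requiredAction": e["requiredAction"],
        })
    hits.sort(key=lambda h: h["days_left"])
    return hits


if __name__ == "__main__":
    entries = load_kev(SAMPLE_KEV_JSON)
    # Hypothetical inventory: an organisation running Microsoft and GitLab products.
    for hit in triage(entries, {"Microsoft", "GitLab"}, date.today()):
        state = "OVERDUE" if hit["overdue"] else f"{hit['days_left']} days left"
        print(f"{hit['cveID']:16} {hit['vendorProject']:10} due {hit['dueDate']} ({state})")
        print(f"    action: {hit['requiredAction']}")
```

In practice you would fetch the live feed, keep the previous run's CVE list and alert only on entries that are new since the last run; the three-week window the article mentions corresponds to the gap between `dateAdded` and `dueDate` in each entry.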

(dmk)