
Multiple Zero-Day Vulnerabilities found in GitLab

A security researcher hijacked hundreds of GitLab domains in just a few seconds by exploiting a weakness in how the company handles domain verification -- a security issue that the company has now fixed.

GitLab, a web-based git repository manager that lets developers track and collaborate on source code and project development, also allows users to host their own content and projects with a custom domain name.

But the company said in a security notification on February 5 that no validation was being performed when a user added a custom domain to their GitLab account. In the short window during which a custom domain points to a recently deleted or unclaimed GitLab repo that will be added later, the domain can be hijacked.

Edwin Foudil, known as EdOverflow, and founder of security consulting firm Penultimate, drew inspiration from a bug report submitted on February 1, which contained proof-of-concept code that listed vulnerable custom domains that were pointing to GitLab. GitLab...(continued)
