Blog Tags: 
news
security
gitlab

CVE-2016-4340: Privilege escalation via "impersonate" feature in existing v14.0/1 GitLab deployments

Jeremy Davis - Fri, 2016/05/27 - 16:50
It has come to our attention that existing deployments of TurnKey GitLab (versions 14.0 & 14.1) are vulnerable to CVE-2016-4340, a critical security issue that allows authenticated users to escalate their privileges to that of an Administrator.

This issue has been fixed with many others by the GitLab project, as detailed in the 2016-05-02 GitLab Security Advisory.

Due to the seriousness of the issue, new builds of TurnKey GitLab have been published today so new deployments are not vulnerable.

Read more and discuss
Blog Tags: 
news
security
magento

TurnKey Magento NOT vulnerable to CVE-2016-4010 remote PHP code execution

Jeremy Davis - Fri, 2016/05/27 - 16:49 - 1 comments

Thanks to vondrt4 for bringing CVE-2016-4010 to our attention. This was a potentially critical vulnerability in Magento that turns out not to apply to TurnKey Magento, because it only effects Magento versions 2.0 - 2.0.5. The current version of TurnKey Magento is based on Magento 1.9.X.

Read more and discuss
Blog Tags: 
evil
scam
fraud
the dark side
corruption

The binary option scam: Evil Incorporated vs the "Don't Be Evil" corporation

Liraz Siri - Thu, 2016/05/26 - 19:12 - 7 comments

All that is required for evil to triumph is for good men to do nothing

—Edmund Burke

Today I'm going to digress a bit from all things TurnKey related to shine a much needed light on a monster I found lurking in my backyard.

SCAM

Read more and discuss