Experimental News Clipping Site

Tag: CVE

  • Hacker News: Windows BitLocker – Screwed Without a Screwdriver

    by

    Kurt Seifried
    in

    Source URL: https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver Source: Hacker News Title: Windows BitLocker – Screwed Without a Screwdriver Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a security vulnerability dubbed “bitpixie” that affects BitLocker encryption on Windows devices, allowing unauthorized access to the encryption key without the need for physical disassembly of the machine. It…

  • The Register: Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/17/rsync_vulnerabilities/ Source: The Register Title: Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Feedly Summary: Turns out tool does both file transfers and security fixes fast Don’t panic. Yes, there were a bunch of CVEs affecting potentially hundreds of thousands of users found in rsync in early December –…

  • Unit 42: Threat Brief: CVE-2025-0282 and CVE-2025-0283

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/ Source: Unit 42 Title: Threat Brief: CVE-2025-0282 and CVE-2025-0283 Feedly Summary: CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. The post Threat Brief: CVE-2025-0282 and CVE-2025-0283 appeared first on Unit 42. AI Summary and Description: Yes **Summary:** The text details…

  • Cisco Talos Blog: Find the helpers

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/find-the-helpers/ Source: Cisco Talos Blog Title: Find the helpers Feedly Summary: Bill discusses how to find ‘the helpers’ and the importance of knowledge sharing. Plus, there’s a lot to talk about in our latest vulnerability roundup. AI Summary and Description: Yes Summary: This edition of the Threat Source newsletter emphasizes the importance of…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…

  • Slashdot: Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/01/16/1755240/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat Feedly Summary: AI Summary and Description: Yes Summary: Microsoft has addressed a significant Windows vulnerability (CVE-2024-7344) that permitted attackers to bypass Secure Boot, which serves as a crucial safeguard against firmware infections. This vulnerability was present for over seven months…

  • Hacker News: Researchers have identified a total of 6 vulnerabilities in rsync

    by

    Kurt Seifried
    in

    Source URL: https://www.openwall.com/lists/oss-security/2025/01/14/3 Source: Hacker News Title: Researchers have identified a total of 6 vulnerabilities in rsync Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses multiple vulnerabilities identified in the rsync software, including a critical heap buffer overflow that allows arbitrary code execution with minimal access rights. This communication is especially…

  • Cisco Talos Blog: Slew of WavLink vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/slew-of-wavlink-vulnerabilities/ Source: Cisco Talos Blog Title: Slew of WavLink vulnerabilities Feedly Summary: Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.  The Wavlink AC3000 wireless router is…

  • The Register: Microsoft fixes under-attack privilege-escalation holes in Hyper-V

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/15/patch_tuesday_january_2025/ Source: The Register Title: Microsoft fixes under-attack privilege-escalation holes in Hyper-V Feedly Summary: Plus: Excel hell, angst for Adobe fans, and life’s too Snort for Cisco Patch Tuesday The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve…

  • Krebs on Security: Microsoft: Happy 2025. Here’s 161 Security Updates

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/01/microsoft-happy-2025-heres-161-security-updates/ Source: Krebs on Security Title: Microsoft: Happy 2025. Here’s 161 Security Updates Feedly Summary: Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day" weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company…