Experimental News Clipping Site

Tag: Exploitation

  • The Register: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/23/cisco_fixes_critical_bug/ Source: The Register Title: Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug Feedly Summary: No in-the-wild exploits … yet Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a remote, authenticated attacker with low privileges to escalate to administrator on affected devices.… AI…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/23/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…

  • The Register: SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/23/sonicwall_critical_bug/ Source: The Register Title: SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix Feedly Summary: Big organizations and governments are main users of these gateways SonicWall is warning customers of a critical vulnerability that was potentially already exploited as a zero-day.… AI Summary and Description: Yes Summary: SonicWall has issued…

  • The Register: FortiGate config leaks: Victims’ email addresses published online

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/23/fortigate_config_leaks_infoseccers_list_victim_emails/ Source: The Register Title: FortiGate config leaks: Victims’ email addresses published online Feedly Summary: Experts warn not to take leaks lightly as years-long compromises could remain undetected Thousands of email addresses included in the Belsen Group’s dump of FortiGate configs last week are now available online, revealing which organizations may have been…

  • Hacker News: Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.bleepingcomputer.com/news/security/hackers-exploit-16-zero-days-on-first-day-of-pwn2own-automotive-2025/ Source: Hacker News Title: Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides a detailed report on the outcomes of the Pwn2Own Automotive 2025 hacking competition, highlighting the successful exploitation of zero-day vulnerabilities relating to electric vehicle chargers…

  • The Register: Asus lets processor security fix slip out early, AMD confirms patch in progress

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/23/asus_amd_processor_fix/ Source: The Register Title: Asus lets processor security fix slip out early, AMD confirms patch in progress Feedly Summary: Answers on a postcard to what ‘Microcode Signature Verification Vulnerability’ might mean AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this…

  • Slashdot: Mastercard DNS Error Went Unnoticed for Years

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/01/22/1851200/mastercard-dns-error-went-unnoticed-for-years?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Mastercard DNS Error Went Unnoticed for Years Feedly Summary: AI Summary and Description: Yes Summary: A security researcher uncovered a five-year-long critical DNS misconfiguration in Mastercard’s systems that created significant security risks. The incident highlights the vulnerabilities in domain configurations which are vital to maintain robust information security practices.…

  • Alerts: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/22/cisa-and-fbi-release-advisory-how-threat-actors-chained-vulnerabilities-ivanti-cloud-service Source: Alerts Title: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications Feedly Summary: CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963,…