Experimental News Clipping Site

Tag: exploits

  • Cisco Talos Blog: Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/january-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”  AI Summary and…

  • Alerts: CISA Releases Four Industrial Control Systems Advisories

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-releases-four-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Four Industrial Control Systems Advisories Feedly Summary: CISA released four Industrial Control Systems (ICS) advisories on January 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-014-01 Hitachi Energy FOXMAN-UN ICSA-25-014-02 Schneider Electric Vijeo Designer ICSA-25-014-03 Schneider Electric EcoStruxure ICSA-25-014-04…

  • Rekt: Moby Trade – Rekt

    by

    Kurt Seifried
    in

    Source URL: https://www.rekt.news/mobytrade-rekt Source: Rekt Title: Moby Trade – Rekt Feedly Summary: When your private keys become the white whale, who’s really hunting whom? Moby Trade loses roughly $1 million to a compromised key, while white hats rescue $1.47M from the depths. Some lessons of the sea only need to be learned once. AI Summary…

  • The Register: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/13/severe_aviatrix_controller_vulnerability/ Source: The Register Title: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug Feedly Summary: This is what happens when you publish PoCs immediately “Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.… AI Summary and Description: Yes Summary: The text discusses a…

  • The Register: Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/13/ransomware_crew_abuses_compromised_aws/ Source: The Register Title: Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days Feedly Summary: ‘Codefinger’ crims on the hunt for compromised keys A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant’s own server-side encryption with customer provided keys (SSE-C) to lock up…

  • The Register: Nominet probes network intrusion linked to Ivanti zero-day exploit

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/13/nominet_ivanti_zero_day/ Source: The Register Title: Nominet probes network intrusion linked to Ivanti zero-day exploit Feedly Summary: Unauthorized activity detected, but no backdoors found UK domain registrar Nominet is investigating a potential intrusion into its network related to the latest Ivanti zero-day exploits.… AI Summary and Description: Yes Summary: Nominet, the UK domain registrar,…

  • Slashdot: New LLM Jailbreak Uses Models’ Evaluation Skills Against Them

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/01/12/2010218/new-llm-jailbreak-uses-models-evaluation-skills-against-them?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: New LLM Jailbreak Uses Models’ Evaluation Skills Against Them Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses a novel jailbreak technique for large language models (LLMs) known as the ‘Bad Likert Judge,’ which exploits the models’ evaluative capabilities to generate harmful content. Developed by Palo Alto…

  • Alerts: CISA Releases Four Industrial Control Systems Advisories

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/10/cisa-releases-four-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Four Industrial Control Systems Advisories Feedly Summary: CISA released four Industrial Control Systems (ICS) advisories on January 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-010-01 Schneider Electric PowerChute Serial Shutdown ICSA-25-010-02 Schneider Electric Harmony HMI and Pro-face HMI…

  • Hacker News: WorstFit: Unveiling Hidden Transformers in Windows ANSI

    by

    Kurt Seifried
    in

    Source URL: https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/ Source: Hacker News Title: WorstFit: Unveiling Hidden Transformers in Windows ANSI Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a novel security vulnerability termed “WorstFit” that exploits Microsoft Windows’ character encoding and conversion mechanisms, particularly its Best-Fit behavior, leading to various forms of attacks including Remote Code Execution…