Experimental News Clipping Site

Tag: patching

  • The Register: Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/24/kubernetes_windows_nodes_bug/ Source: The Register Title: Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now Feedly Summary: SYSTEM-level command injection via API parameter *chef’s kiss* A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster,…

  • Cloud Blog: Migrate Oracle-based applications to Google Cloud and simplify operations

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/products/databases/tips-for-migrating-oracle-based-applications-to-google-cloud/ Source: Cloud Blog Title: Migrate Oracle-based applications to Google Cloud and simplify operations Feedly Summary: Last year, Google Cloud and Oracle forged a strategic partnership to accelerate cloud transformation for businesses, allowing them to integrate Oracle’s robust database capabilities within Google Cloud’s environment. This partnership applies to Oracle databases, as well as…

  • The Register: Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/21/fortinet_firewalls_still_vulnerable/ Source: The Register Title: Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day Feedly Summary: Seven days after disclosure and little action taken, data shows Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit.… AI…

  • Hacker News: 0click deanonymization attack targeting Signal, Discord and other platforms

    by

    Kurt Seifried
    in

    Source URL: https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 Source: Hacker News Title: 0click deanonymization attack targeting Signal, Discord and other platforms Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text outlines a novel deanonymization attack targeting popular applications, particularly highlighting vulnerabilities in Cloudflare’s caching system. It emphasizes the dangers posed to users, especially those in sensitive roles, such…

  • The Register: Datacus extractus: Harry Potter publisher breached without resorting to magic

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/20/harry_potter_publisher_breach/ Source: The Register Title: Datacus extractus: Harry Potter publisher breached without resorting to magic Feedly Summary: PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more Infosec in brief Hogwarts doesn’t teach an incantation that could have saved Harry Potter publisher Scholastic from feeling the power…

  • The Register: Fortinet: FortiGate config leaks are genuine but misleading

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/17/fortinet_fortigate_config_leaks/ Source: The Register Title: Fortinet: FortiGate config leaks are genuine but misleading Feedly Summary: Competition hots up with Ivanti over who can have the worst start to a year Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid…

  • Alerts: CISA and FBI Release Updated Guidance on Product Security Bad Practices

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/17/cisa-and-fbi-release-updated-guidance-product-security-bad-practices Source: Alerts Title: CISA and FBI Release Updated Guidance on Product Security Bad Practices Feedly Summary: In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received…

  • Unit 42: Threat Brief: CVE-2025-0282 and CVE-2025-0283

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/ Source: Unit 42 Title: Threat Brief: CVE-2025-0282 and CVE-2025-0283 Feedly Summary: CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. The post Threat Brief: CVE-2025-0282 and CVE-2025-0283 appeared first on Unit 42. AI Summary and Description: Yes **Summary:** The text details…

  • Slashdot: Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/01/16/1755240/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat Feedly Summary: AI Summary and Description: Yes Summary: Microsoft has addressed a significant Windows vulnerability (CVE-2024-7344) that permitted attackers to bypass Secure Boot, which serves as a crucial safeguard against firmware infections. This vulnerability was present for over seven months…

  • The Register: GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/15/godaddy_ftc_order/ Source: The Register Title: GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’ Feedly Summary: Watchdog alleged it had no SIEM or MFA, orders rapid adoption of basic infosec tools GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018,…