Response Plan – Page 8 – Experimental News Clipping Site

Slashdot: Oracle Tells Clients of Second Recent Hack, Log-In Data Stolen

Apr 3, 2025

—

by

Source URL: https://developers.slashdot.org/story/25/04/03/198224/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Oracle Tells Clients of Second Recent Hack, Log-In Data Stolen Feedly Summary: AI Summary and Description: Yes Summary: The recent report highlights a significant cybersecurity breach at Oracle, where hackers accessed client login credentials. This incident is notable for security and compliance professionals given its implications for data protection…

Hacker News: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial

Mar 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/25/oracle_breach_update/ Source: Hacker News Title: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes a dispute regarding Oracle Cloud’s denial of a security breach after an infosec researcher claims that sensitive data, including customer security keys and credentials,…

The Register: There are perhaps 10,000 reasons to doubt Oracle Cloud’s security breach denial

Mar 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/25/oracle_breach_update/ Source: The Register Title: There are perhaps 10,000 reasons to doubt Oracle Cloud’s security breach denial Feedly Summary: Customers come forward claiming info was swiped from prod Oracle Cloud’s denial of a digital break-in is now in clear dispute. A infosec researcher working on validating claims that the cloud provider’s login servers…

Schneier on Security: Critical GitHub Attack

Mar 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schneier.com/blog/archives/2025/03/critical-github-attack.html Source: Schneier on Security Title: Critical GitHub Attack Feedly Summary: This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an…

The Register: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’

Mar 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/18/apache_tomcat_java_rce_flaw/ Source: The Register Title: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’ Feedly Summary: One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack…

Bulletins: Vulnerability Summary for the Week of March 10, 2025

Mar 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…

Hacker News: ‘Uber for nurses’ exposes 86K+ medical records, PII via open S3 bucket

Mar 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.websiteplanet.com/news/eshyft-report-breach/ Source: Hacker News Title: ‘Uber for nurses’ exposes 86K+ medical records, PII via open S3 bucket Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant cybersecurity incident involving the exposure of a non-password-protected database belonging to ESHYFT, a healthtech company. The incident raises critical issues about privacy…

Alerts: CISA Releases Two Industrial Control Systems Advisories

Mar 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-releases-two-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Two Industrial Control Systems Advisories Feedly Summary: CISA released two Industrial Control Systems (ICS) advisories on March 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-070-01 Schneider Electric Uni-Telway Driver ICSA-25-070-02 Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks…

Microsoft Security Blog: New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Mar 11, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/ Source: Microsoft Security Blog Title: New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects Feedly Summary: Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCSSET malware features…

The Register: Rhysida pwns two US healthcare orgs, extracts over 300K patients’ data

Mar 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/10/rhysida_healthcare/ Source: The Register Title: Rhysida pwns two US healthcare orgs, extracts over 300K patients’ data Feedly Summary: Terabytes of sensitive info remain available for download Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients.……

Tag: Response Plan