Experimental News Clipping Site

Tag: security flaws

  • Hacker News: Azure’s Weakest Link? How API Connections Spill Secrets

    by

    Kurt Seifried
    in

    Source URL: https://www.binarysecurity.no/posts/2025/03/api-connections Source: Hacker News Title: Azure’s Weakest Link? How API Connections Spill Secrets Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses significant security vulnerabilities identified in Azure API Connections that allow users with minimal permissions (Reader roles) to make unauthorized API calls to sensitive backend resources. It emphasizes the…

  • The Register: ‘Uber for nurses’ exposes 86k+ medical records, PII in open S3 bucket for months

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/11/uber_for_nurses_exposes_86k/ Source: The Register Title: ‘Uber for nurses’ exposes 86k+ medical records, PII in open S3 bucket for months Feedly Summary: Non-password-protected, unencrypted 108GB database…what could possibly go wrong Exclusive More than 86,000 records containing nurses’ medical records, facial images, ID documents and more sensitive info linked to health tech company ESHYFT was…

  • Unit 42: Multiple Vulnerabilities Discovered in a SCADA System

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/ Source: Unit 42 Title: Multiple Vulnerabilities Discovered in a SCADA System Feedly Summary: We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings. The post Multiple Vulnerabilities Discovered in a SCADA System appeared first on Unit 42. AI Summary…

  • The Register: Microsoft signed a dodgy driver and now ransomware scum are exploiting it

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/04/paragon_partition_manager_ransomware_driver/ Source: The Register Title: Microsoft signed a dodgy driver and now ransomware scum are exploiting it Feedly Summary: Five flaws found in Paragon Partition Manager’s kernel-level .sys Ransomware crooks are exploiting a third-party Windows kernel-level driver used and provided by disk management tool Paragon Partition Manager.… AI Summary and Description: Yes Summary:…

  • Hacker News: Towards a test-suite for TOTP codes

    by

    Kurt Seifried
    in

    Source URL: https://shkspr.mobi/blog/2025/03/towards-a-test-suite-for-totp-codes/ Source: Hacker News Title: Towards a test-suite for TOTP codes Feedly Summary: Comments AI Summary and Description: Yes Summary: The text critiques the TOTP (Time-based One-Time Password) specification, highlighting discrepancies between major implementations and emphasizing the need for consistency in security standards. The author has created a test suite to help identify…

  • The Register: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/28/cisa_kev_list_ransomware/ Source: The Register Title: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature Feedly Summary: 1 in 3 entries are used to extort civilians, says new paper Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware…

  • The Register: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/27/wallbleed_vulnerability_great_firewall/ Source: The Register Title: Wallbleed vulnerability unearths secrets of China’s Great Firewall 125 bytes at a time Feedly Summary: Boffins poked around inside censorship engines for years before Beijing patched hole Smart folks investigating a memory-dumping vulnerability in the Great Firewall of China (GFW) finally released their findings after probing it for…

  • The Register: MITRE Caldera security suite scores perfect 10 for insecurity

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…

  • Rekt: ByBit – Rekt

    by

    Kurt Seifried
    in

    Source URL: https://www.rekt.news/bybit-rekt Source: Rekt Title: ByBit – Rekt Feedly Summary: $1.43B heist on ByBit claims the throne on our Rekt Leaderboard! Lazarus pulled off the perfect digital sleight-of-hand, making multisig signers see legitimate transactions while signing away the keys to the kingdom. Now ByBit’s offering $140M to catch the hackers. AI Summary and Description:…

  • Hacker News: Wyden Releases Draft Bill to Secure Americans’ Communications

    by

    Kurt Seifried
    in

    Source URL: https://www.wyden.senate.gov/news/press-releases/wyden-releases-draft-bill-to-secure-americans-communications-against-foreign-surveillance-demands Source: Hacker News Title: Wyden Releases Draft Bill to Secure Americans’ Communications Feedly Summary: Comments AI Summary and Description: Yes Summary: The Global Trust in American Online Services Act, introduced by Senator Ron Wyden, aims to amend the CLOUD Act and strengthen protections against foreign surveillance demands that compromise the security of…