Tag: security vulnerability

Source URL: https://blog.cloudflare.com/resolving-a-mutual-tls-session-resumption-vulnerability/ Source: The Cloudflare Blog Title: Resolving a Mutual TLS session resumption vulnerability Feedly Summary: Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different AI Summary and Description: Yes Summary: The text discusses a recently discovered…

The Register: Google: How to make any AMD Zen CPU always generate 4 as a random number

Feb 4, 2025

—

by

Source URL: https://www.theregister.com/2025/02/04/google_amd_microcode/ Source: The Register Title: Google: How to make any AMD Zen CPU always generate 4 as a random number Feedly Summary: Malicious microcode vulnerability discovered, fixes rolling out for Epycs at least Googlers have not only figured out how to break AMD’s security – allowing them to load unofficial microcode into its…

Hacker News: AMD: Microcode Signature Verification Vulnerability

Feb 3, 2025

—

by

Source URL: https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w Source: Hacker News Title: AMD: Microcode Signature Verification Vulnerability Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security vulnerability in AMD Zen-based CPUs identified by Google’s Security Team, which allows local administrator-level attacks on the microcode verification process. This is significant for professionals in infrastructure and hardware…

Alerts: CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware

Jan 31, 2025

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2025/01/30/cisa-releases-fact-sheet-detailing-embedded-backdoor-function-contec-cms8000-firmware Source: Alerts Title: CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware Feedly Summary: CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector.…

Hacker News: Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

Jan 29, 2025

—

by

Source URL: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak Source: Hacker News Title: Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a critical security vulnerability identified in DeepSeek’s publicly accessible ClickHouse database, which exposed sensitive information related to AI operations. Wiz Research’s responsible disclosure of an unprotected database…

Bulletins: Vulnerability Summary for the Week of December 16, 2024

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…

Bulletins: Vulnerability Summary for the Week of January 20, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…

Bulletins: Vulnerability Summary for the Week of December 2, 2024

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…

The Register: CDNs: Great for speeding up the internet, bad for location privacy

—

by