unauthenticated – Experimental News Clipping Site

The Register: CISA spots spawn of Spawn malware targeting Ivanti flaw

Apr 1, 2025

—

by

Source URL: https://www.theregister.com/2025/04/01/cisa_ivanti_warning/ Source: The Register Title: CISA spots spawn of Spawn malware targeting Ivanti flaw Feedly Summary: Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according…

The Register: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug

Mar 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/27/crushftp_cve/ Source: The Register Title: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug Feedly Summary: Screenshot shows company head unhappy, claiming ‘real CVE is pending’ CrushFTP’s CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer…

Hacker News: RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx)

Mar 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities Source: Hacker News Title: RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx) Feedly Summary: Comments AI Summary and Description: Yes ### Summary: The text outlines the discovery of significant vulnerabilities in the Ingress NGINX Controller for Kubernetes, known as IngressNightmare. These vulnerabilities, which allow unauthenticated Remote Code Execution (RCE), pose…

The Register: Oracle Cloud says it’s not true someone broke into its login servers and stole data

Mar 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/23/oracle_cloud_customers_keys_credentials/ Source: The Register Title: Oracle Cloud says it’s not true someone broke into its login servers and stole data Feedly Summary: Despite evidence to the contrary as alleged pilfered info goes on sale Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information…

Bulletins: Vulnerability Summary for the Week of March 10, 2025

Mar 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…

Hacker News: Vulnerability in partner.microsoft.com allows unauthenticated access

Mar 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://nvd.nist.gov/vuln/detail/CVE-2024-49035 Source: Hacker News Title: Vulnerability in partner.microsoft.com allows unauthenticated access Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant vulnerability (CVE-2024-49035) related to improper access control in Microsoft’s Partner Center, allowing unauthenticated attackers to elevate their privileges over a network. The vulnerability is classified as critical due…

The Register: MITRE Caldera security suite scores perfect 10 for insecurity

Feb 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…

Bulletins: Vulnerability Summary for the Week of February 17, 2025

Feb 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…

The Register: Docker delays Hub pull limits by a month, tweaks maximums, pushes back storage billing

Feb 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/22/docker_consumption_pricing_takes_effect/ Source: The Register Title: Docker delays Hub pull limits by a month, tweaks maximums, pushes back storage billing Feedly Summary: Image fetches to be capped on hourly basis for Personal, unauthenticated use Docker has delayed its plan to limit image pulls – the downloading of container images – from Docker Hub, by…

The Register: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws

Feb 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/02/21/ivanti_traversal_flaw_poc_exploit/ Source: The Register Title: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws Feedly Summary: PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven’t already installed patches released in…

Tag: unauthenticated