Experimental News Clipping Site

Tag: unauthenticated

  • Cisco Talos Blog: Slew of WavLink vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/slew-of-wavlink-vulnerabilities/ Source: Cisco Talos Blog Title: Slew of WavLink vulnerabilities Feedly Summary: Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.  The Wavlink AC3000 wireless router is…

  • The Register: Microsoft fixes under-attack privilege-escalation holes in Hyper-V

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/15/patch_tuesday_january_2025/ Source: The Register Title: Microsoft fixes under-attack privilege-escalation holes in Hyper-V Feedly Summary: Plus: Excel hell, angst for Adobe fans, and life’s too Snort for Cisco Patch Tuesday The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve…

  • The Register: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/13/severe_aviatrix_controller_vulnerability/ Source: The Register Title: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug Feedly Summary: This is what happens when you publish PoCs immediately “Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.… AI Summary and Description: Yes Summary: The text discusses a…

  • The Register: Zero-day exploits plague Ivanti Connect Secure appliances for second year running

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/ Source: The Register Title: Zero-day exploits plague Ivanti Connect Secure appliances for second year running Feedly Summary: Factory resets and apply patches is the advice amid fortnight delay for other appliances The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts “seriously" as Ivanti battles two…

  • The Register: Mitel 0-day, 5-year-old Oracle RCE bugs under active exploit

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/08/mitel_0_day_oracle_rce_under_exploit/ Source: The Register Title: Mitel 0-day, 5-year-old Oracle RCE bugs under active exploit Feedly Summary: 3 CVEs added to CISA’s catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least…

  • The Register: UK ICO not happy with Google’s plans to allow device fingerprinting

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/23/uk_ico_not_happy_with/ Source: The Register Title: UK ICO not happy with Google’s plans to allow device fingerprinting Feedly Summary: Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more in brief Google has announced plans to allow its business customers to begin “fingerprinting" users next year, and the UK…

  • Hacker News: Show HN: TideCloak – Decentralized IAM for security and user sovereignty

    by

    system automation
    in

    Source URL: https://github.com/tide-foundation/tidecloak-gettingstarted Source: Hacker News Title: Show HN: TideCloak – Decentralized IAM for security and user sovereignty Feedly Summary: Comments AI Summary and Description: Yes Summary: The text serves as a developer guide for setting up TideCloak, an identity and access management (IAM) system built on KeyCloak, aimed at allowing developers to create secure…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/12/17/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose…

  • The Register: Are your Prometheus servers and exporters secure? Probably not

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/15/prometheus_servers_exporters_exposed/ Source: The Register Title: Are your Prometheus servers and exporters secure? Probably not Feedly Summary: Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more Infosec in brief There’s a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters…