Latest News

More claims are being made across the US and Canada compared with previous years, with healthcare organizations leading the way.

### Summary Bunch of vulnerabilities found in k8sGPT. Fixed in release https://github.com/k8sgpt-ai/k8sgpt/releases/tag/v0.3.33

**Summary** Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200 **Details** A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameters during an ongoing TLS session. This flaw could lead to excessive consumption of CPU resources, resulting in potential server overload and service disruption. The vulnerability was confirmed using an openssl client where the command 'R' initiates renegotiation, followed by the server confirming with 'RENEGOTIATING'. **PoC** 1. Connect to the TLS server on port 4200 using an openssl client. 2. Initiate a TLS session. 3. Send the renegotiation command ('R') multiple times. 4. Observe the server response to confirm renegotiation. **Impact** This vulnerability allows an attacker to perform a denial of service attack by exhausting server CPU ...

### Impact The output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: - [TLS inspection](https://docs.cilium.io/en/stable/security/tls-visibility/#gs-tls-inspection) - [Ingress with TLS termination](https://docs.cilium.io/en/stable/network/servicemesh/tls-termination/#gs-ingress-tls) - [Gateway API with TLS termination](https://docs.cilium.io/en/stable/network/servicemesh/gateway-api/https/) - [Kafka network policies with API key filtering](https://docs.cilium.io/en/stable/security/policy/language/#kafka-beta) The sensitive data includes: - The CA certificate, certificate chain, and private key used by Cilium HTTP Network Policies, and when using Ingress/Gateway API - The API keys used in Kafka-related network policy `cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal op...

A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager.

The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain.

A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive call/SRC/rhai/SRC/eval/STMT. Rs file eval_stmt_block function.

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

Experiment demonstrates how AI can turn the tables on cybercriminals, capturing bank account details of how scammers move stolen funds around the world.

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.