Cisco discloses root escalation flaw with public exploit code

April 17, 2024 at 01:28PM Cisco has issued patches for a high-severity vulnerability in its Integrated Management Controller (IMC) that allows local attackers to escalate privileges to root using crafted CLI commands. The flaw, tracked as CVE-2024-20295, affects various Cisco devices, and public exploit code is available. Cisco has also observed recent zero-day attacks on …

Cloud Users Warned of Data Exposure Risk From Command-Line Tools

April 16, 2024 at 11:00AM Cloud security firm Orca warned about how certain command-line tools from major cloud service providers expose sensitive information in the form of environment variables, posing security risks. Microsoft Azure, AWS, and Google Cloud confirmed the issue and provided guidance on safeguarding sensitive data. Orca discovered this issue impacting not just …

Tell Me Your Secrets Without Telling Me Your Secrets

November 24, 2023 at 06:18AM GitGuardian’s engineers have developed a secret-fingerprinting protocol for their HasMySecretLeaked service, which helps developers find out if their secrets have been exposed in public GitHub repositories. By encrypting and hashing the secret and sharing a partial hash with GitGuardian, they can match potential secrets without exposing sensitive information. Users can …