Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover

December 29, 2023 at 07:00AM

Palo Alto Networks reports that an attacker with access to a Kubernetes cluster could exploit vulnerabilities in FluentBit and Anthos Service Mesh (ASM) within Google Kubernetes Engine (GKE) to gain complete control of the cluster. Google has released patches for the issues, but urges users to manually update their clusters …

Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability

December 19, 2023 at 06:51AM

Comcast’s Xfinity informed customers of a cybersecurity breach due to the CitrixBleed vulnerability, compromising usernames, passwords, and personal information. Although the company promptly patched the flaw in its systems, the breach was confirmed, prompting password resets and multi-factor authentication. The CitrixBleed vulnerability has been implicated in numerous global attacks, affecting various organizations. …

Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

October 25, 2023 at 02:36AM

Virtualization services provider VMware has alerted customers to a proof-of-concept exploit for a recently patched security flaw in Aria Operations for Logs. The vulnerability, tracked as CVE-2023-34051, allows for authentication bypass and remote code execution. A PoC for the vulnerability has been made available, prompting VMware to revise its advisory. …