Tag
#ssl
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including
Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware," the Microsoft Threat Intelligence team said in a post shared on X. The tech
This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization.
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS Vulnerabilities: Incorrect Default Permissions, Improper Validation of Integrity Check Value, Improper Certificate Validation 2. RISK EVALUATION Exploiting these vulnerabilities could allow an attacker to tamper with system files, cause a denial of service, or perform a remote man-in-the-middle attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MACH GWS are affected: MACH GWS: Versions 3.0.0.0 to 3.4.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT DEFAULT PERMISSIONS CWE-276 A vulnerability exists in MACH GWS product, which if exploited, could allow a local unauthenticated attacker to tamper a system file resulting in a denial of notify service. CVE-2025-39201 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). A CVSS v4 sco...
### Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that completely bypassed certificate validation when downloading GeoIP databases from external sources. The `initiateSSL()` method incorrectly implemented an approach for trusting all certificates. Specifically it: * Accepted all SSL certificates without validation * Disabled server certificate verification * Disabled client certificate verification * Disabled hostname verification This configuration made database downloads vulnerable to man-in-the-middle attacks, potentially allowing attackers to serve malicious GeoIP databases that could compromise the integrity of geolocation data processing. ### Patches Data Prepper 2.12.2 contains a fix for this issue. ### Workarounds If upgrading is not ...
### Impact The GeoIP processor and Kafka source and buffer were using the deprecated "SSL" protocol identifier when creating SSL contexts, potentially allowing the use of insecure SSL protocols instead of modern TLS versions. Multiple Data Prepper plugins used `SSLContext.getInstance("SSL")` which could potentially allow the use of deprecated SSL protocols (SSLv2, SSLv3) that have known security vulnerabilities. While modern Java implementations typically default to secure TLS versions even with the "SSL" identifier, explicitly using "TLS" ensures that only secure TLS protocols are negotiated. The affected components were: * GeoIP Processor: The `DBSource.initiateSSL()` method used for downloading GeoIP databases from external sources * Kafka Plugin: Both `CustomClientSslEngineFactory` and `InsecureSslEngineFactory` classes used for Kafka client connections This could potentially allow connections to negotiate weaker SSL protocols instead of enforcing modern TLS versions, reducin...
### Impact This vulnerability only affects users of the AWS attestor. Users of the AWS attestor could have unknowingly received a forged identity document. While this may seem unlikely, AWS recently issued a security bulletin about IMDS (Instance Metadata Service) impersonation.[^1] There are multiple locations where the verification of the identity document will mistakenly report a successful verification. - If a signature is not present or is empty https://github.com/in-toto/go-witness/blob/0c8bb30c143951d88b1d4b32f260c5f67d30137b/attestation/aws-iid/aws-iid.go#L161-L163 - If the RSA verification of the document fails for any reason https://github.com/in-toto/go-witness/blob/0c8bb30c143951d88b1d4b32f260c5f67d30137b/attestation/aws-iid/aws-iid.go#L192-L196 ### Workarounds The contents of the AWS attestation contain the identity document, signature, and public key that was used to verify the document. These attestations and their could be identity documents could be manually verif...
### Impact The OpenSearch sink and source plugins in Data Prepper are configured to trust all SSL certificates by default when no certificate path was provided, making connections vulnerable to man-in-the-middle attacks. Prior to this fix, the OpenSearch sink and source plugins would automatically use a trust all SSL strategy when connecting to OpenSearch clusters if no certificate path was explicitly configured. This behavior bypassed SSL certificate validation, potentially allowing attackers to intercept and modify data in transit through man-in-the-middle attacks. The vulnerability affects connections to OpenSearch when the `cert` parameter is not explicitly provided. ### Patches Data Prepper 2.12.2 ### Workarounds If you cannot immediately upgrade to the fixed version, you can implement the following workaround. #### OpenSearch sink Add the `cert` parameter to your OpenSearch sink configuration with the path to your cluster's CA certificate. The following example shows how...
# Microsoft Security Advisory CVE-2025-55248 | .NET Information Disclosure Vulnerability ## Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A MITM (man in the middle) attacker may prevent use of TLS between client and SMTP server, forcing the client to send data over an unencrypted connection. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/372 ## Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## Affected software * Any .NET 8.0 application running on .NET 8.0.20 or earlier. * Any .NET 9.0 application running on .NET 9.0.9 or earlier. ## Affected...
New York, United States, 15th October 2025, CyberNewsWire