Security Leftovers and Windows TCO
-
Pen Test Partners ☛ Take control of Cache-Control and local caching
TL;DR: Caching speeds up website content delivery. What caching directives are and how to use them.
-
Security Week ☛ Fortinet Patches 18 Vulnerabilities
Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products.
-
Security Week ☛ China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days
Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems.
-
Security Week ☛ Zoom Patches 4 High-Severity Vulnerabilities
Zoom has patched five vulnerabilities in its applications, including four high-severity flaws.
-
Security Week ☛ A Guide to Security Investments: The Anatomy of a Cyberattack
Organizations must recognize that security is not about the number of tools deployed, it is about ensuring those tools effectively disrupt the attack chain at every stage.
-
Security Week ☛ Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers
China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers.
-
Federal News Network ☛ Creating a cybersecurity standard of care: The future of software liability
This approach emphasizes the importance of integrating security measures into the software development lifecycle from the beginning.
-
SANS ☛ Scans for VMWare Hybrid Cloud Extension (HCX) API (Log4j - not brute forcing), (Wed, Mar 12th)
Today, I noticed increased scans for the VMWare Hybrid Cloud Extension (HCX) "sessions" endpoint. These endpoints are sometimes associated with exploit attempts for various VMWare vulnerabilities to determine if the system is running the extensions or to gather additional information to aid exploitation.
-
LWN ☛ Below: local privilege escalation (SUSE security team blog)
The SUSE Security Team blog has a post with a detailed analysis of a vulnerability (CVE-2025-27591) in the below tool for recording and displaying system data.
In January 2025, Below was packaged and submitted to openSUSE Tumbleweed. Below runs as a systemd service with root privileges. The SUSE security team monitors additions and changes to systemd service unit files in openSUSE Tumbleweed, and through this we noticed problematic log directory permissions applied in Below's code.
-
Windows TCO / Windows Bot Nets
-
Bleeping Computer ☛ Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft’s March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities.
-
SANS ☛ File Hashes Analysis with Power BI from Data Stored in DShield SIEM, (Wed, Mar 12th)
-
CSO ☛ Microsoft patches privilege escalation flaw exploited since 2023
One of the zero-day vulnerabilities, CVE-2025-24983, is a use-after-free memory corruption in the Win32 kernel subsystem that can lead to privilege escalation.
-