Security, Windows TCO, and Reliability Leftovers
-
Kubernetes Blog ☛ Ingress-nginx CVE-2025-1974: What You Need to Know
Today, the ingress-nginx maintainers have released patches for a batch of critical vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster. If you are among the over 40% of Kubernetes administrators using ingress-nginx, you should take action immediately to protect your users and data.
Background
Ingress is the traditional Kubernetes feature for exposing your workload Pods to the world so that they can be useful. In an implementation-agnostic way, Kubernetes users can define how their applications should be made available on the network. Then, an ingress controller uses that definition to set up local or cloud resources as required for the user’s particular situation and needs.
Many different ingress controllers are available, to suit users of different cloud providers or brands of load balancers. Ingress-nginx is a software-only ingress controller provided by the Kubernetes project. Because of its versatility and ease of use, ingress-nginx is quite popular: it is deployed in over 40% of Kubernetes clusters!
Ingress-nginx translates the requirements from Ingress objects into configuration for nginx, a powerful open source webserver daemon. Then, nginx uses that configuration to accept and route requests to the various applications running within a Kubernetes cluster. Proper handling of these nginx configuration parameters is crucial, because ingress-nginx needs to allow users significant flexibility while preventing them from accidentally or intentionally tricking nginx into doing things it shouldn’t.
-
Security Week ☛ NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD
The effects of the backlog are already being felt in vulnerability management circles, where NVD data promises an enriched source of truth.
-
Security Week ☛ Oracle Denies Cloud Breach After Hacker Offers to Sell Data
Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records.
-
Savoir-faire Linux Introduces VulnScout.io, Strengthening Open-Source Security
Savoir-faire Linux has released its open-source cybersecurity solution, VulnScout.io, developed to aid in tracking, managing, and remediating product vulnerabilities more efficiently. The company is committed to open source and is active with both the Linux Foundation and the Yocto Project.
“Openness is in our DNA,” comments Christophe Villemer, Executive Vice-President of Savoir-faire Linux and LF Energy governing board member. “That’s why we’ve chosen to release VulnScout.io under an open-source license. Our experience contributing to The Yocto Project and our deep involvement with Linux Foundation initiatives have paved the way for a truly community-driven, globally accessible solution.”
-
Windows TCO / Windows Bot Nets
-
The Register UK ☛ VanHelsing ransomware emerges to put a stake through Windows
Launched on March 7, this RaaS operation has already infected three organizations with ransom demands amounting to $500,000 a victim. Check Point's analysis suggests VanHelsing is a freshly developed ransomware strain, rather than a quick rebrand of existing malware code.
-
Security Week ☛ Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs
The primary motivating factor for ransomware is the money it generates. Apparently, more victims are declining to pay – but it is equally apparent that criminals are not ready to abandon this type of attack. “The decrease in payments might also push attackers to diversify their methods further. For example, we could see more focus on supply chain attacks or targeting critical infrastructure, where the stakes – and the potential payouts – are higher,” comments Casey Ellis, Founder at Bugcrowd.
-
Cyble Inc ☛ Union County Cyberattack: Personal Data Stolen
Union County, Pennsylvania, has fallen victim to a ransomware attack that compromised personal information belonging to its more than 40,000 residents. The Union County Cyberattack, discovered on March 13, 2025, has prompted an urgent response from county officials and federal law enforcement.
-
Integrity/Availability/Authenticity
-
NPR ☛ Days after the Signal leak, the Pentagon warned the app was the target of hackers
A Signal spokesman said the Pentagon memo is not about the messaging app's level of security, but rather that users of the service should be aware of what are known as "phishing attacks." That's when hackers try to gain access to sensitive information through impersonation or other deceptive tricks.
-
Jamie Zawinski ☛ OpenDMARC
I have an example of a spammer mailing me with my address in the from field and opendmarc seems to think it's just fine.
-
Digital Camera World ☛ Missing on-board camera memory card blunder leaves Williams F1 team with huge €50,000 fine
The stewards have revealed that a flashing LED on the cameras in question alerted Williams to a potential problem during Free Practice 1 [FP1] and that this was reported, but that the team failed to report the missing memory cards after FP1 had ended.
-
Troy Hunt ☛ Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details. But as a quick summary, I woke up in London this morning to the following: [...]
-