< ciso brief />

All news with #information disclosure tag

48 articles · page 3 of 3

Broadcom Patches VMware NSX Username-Enumeration Flaws

🔒 Broadcom released updates addressing two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). The flaws (CVE-2025-41251 and CVE-2025-41252) let unauthenticated attackers enumerate valid usernames, one through a weak password-recovery mechanism and one through a separate enumeration vector; a confirmed list of valid accounts is exactly the input that brute-force and credential-stuffing attempts need. Administrators should apply the vendor patches promptly, confirm that recovery responses no longer distinguish valid from invalid accounts, and make sure recovery and login attempts are logged.
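The two halves of the NSX item, the leaky recovery flow and the logging an administrator should check afterwards, are easier to see in code. The following is an added illustration written for this page, not VMware or Broadcom code: a password-recovery handler in its leaky and its uniform form, the probe an attacker uses to tell them apart, and the log check that spots enumeration. The user store, the mail outbox and the access-log events are constructed sample data so the whole thing runs offline.

```python
"""Illustrative password-recovery endpoint (not VMware NSX code): a leaky
variant beside a uniform one, plus the log check an administrator would run.
The user store, mail outbox and access-log events are constructed samples."""
import hashlib
import secrets

# Constructed sample user store: username -> contact address.
USERS = {"admin": "admin@example.test", "ops": "ops@example.test"}

# Stand-in for the mail transport; recovery tokens are appended here.
OUTBOX = []

GENERIC_REPLY = "If that account exists, a recovery email has been sent"


def recover_vulnerable(username: str) -> str:
    """Leaky variant: the reply differs for known and unknown accounts, so an
    unauthenticated caller can confirm usernames one request at a time."""
    email = USERS.get(username)
    if email is None:
        return "Unknown user"
    OUTBOX.append((email, secrets.token_urlsafe(32)))
    return "Recovery email sent"


def recover_hardened(username: str) -> str:
    """Uniform variant: identical reply either way, and comparable work on the
    miss path, so neither the text nor the timing reveals whether the name exists."""
    token = secrets.token_urlsafe(32)
    email = USERS.get(username)
    if email is not None:
        OUTBOX.append((email, token))
    else:
        # Spend comparable CPU when the account is missing so timing stays flat.
        hashlib.sha256(token.encode()).hexdigest()
    return GENERIC_REPLY


def enumerates(endpoint, candidates):
    """Attacker's view: probe each candidate and keep those whose reply differs
    from the reply for a name that certainly does not exist."""
    baseline = endpoint("no-such-user-" + secrets.token_hex(4))
    return {name for name in candidates if endpoint(name) != baseline}


# Constructed recovery-endpoint access events: (source IP, username probed).
SAMPLE_EVENTS = [
    ("203.0.113.9", "admin"), ("203.0.113.9", "ops"),
    ("203.0.113.9", "root"), ("203.0.113.9", "svc_backup"),
    ("198.51.100.4", "admin"), ("198.51.100.4", "admin"),
]


def suspicious_sources(events, threshold=20):
    """Enumeration signature in the logs: one source trying many distinct
    usernames against the recovery endpoint. Returns the offending sources."""
    names_by_ip = {}
    for ip, name in events:
        names_by_ip.setdefault(ip, set()).add(name)
    return {ip for ip, names in names_by_ip.items() if len(names) >= threshold}


if __name__ == "__main__":
    print("leaky endpoint reveals:", enumerates(recover_vulnerable, ["admin", "ops", "nobody"]))
    print("hardened endpoint reveals:", enumerates(recover_hardened, ["admin", "ops", "nobody"]))
    print("sources to investigate:", suspicious_sources(SAMPLE_EVENTS, threshold=3))
```

The threshold of 20 distinct names is a starting point, not a rule; a legitimate user rarely mistypes their own name more than a few times, so even a low threshold on a single recovery endpoint gives a clean signal.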

Festo EtherNet/IP Firmware Vulnerabilities — High Risk

⚠️ Festo devices running affected EtherNet/IP firmware carry multiple remotely exploitable flaws, including incorrect numeric conversions, out-of-bounds reads, and reachable assertions, that can lead to denial of service or information disclosure. CVSS scores reach 8.2, and exploitation requires low attack complexity. Festo reports no planned fixes, so mitigation is the only option: CISA advises minimizing network exposure, disabling EtherNet/IP where it is not needed, isolating control networks behind firewalls, and using up-to-date VPNs for any remote access. Operators should also monitor EtherNet/IP traffic (TCP/UDP 44818) for unexpected sources and report suspected incidents.
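The out-of-bounds-read class named in the Festo item comes from trusting a length field a peer sent before checking that the bytes are actually there. The following is an added example for this page, not Festo or CISA code: a defensive parser for the 24-byte EtherNet/IP encapsulation header that every message on port 44818 begins with, with a helper that models a peer lying about the length. The command table and field layout are the encapsulation protocol's; `MAX_BODY` is a ceiling chosen here, not a value from the advisory.

```python
"""Added example (not Festo or CISA code): a bounds-checked parser for the
EtherNet/IP encapsulation header. The header layout and command codes follow
the encapsulation protocol; MAX_BODY is an assumed ceiling, not a spec value."""
import struct

ENIP_PORT = 44818
# Little-endian: command, length, session handle, status, sender context, options.
HEADER = struct.Struct("<HHII8sI")
COMMANDS = {
    0x0000: "NOP", 0x0004: "ListServices", 0x0063: "ListIdentity",
    0x0064: "ListInterfaces", 0x0065: "RegisterSession",
    0x0066: "UnRegisterSession", 0x006F: "SendRRData", 0x0070: "SendUnitData",
}
MAX_BODY = 65511  # assumed ceiling for the encapsulated data; tune to your stack


class MalformedEnip(ValueError):
    """Raised for any frame that must be dropped rather than processed."""


def build_enip(command: int, data: bytes, session: int = 0,
               context: bytes = b"\0" * 8) -> bytes:
    """Encode a well-formed request; Length is derived from the real payload."""
    return HEADER.pack(command, len(data), session, 0, context, 0) + data


def with_declared_length(frame: bytes, length: int) -> bytes:
    """Rewrite only the Length field, to model a peer that lies about it."""
    patched = bytearray(frame)
    struct.pack_into("<H", patched, 2, length)
    return bytes(patched)


def parse_enip(frame: bytes) -> dict:
    """Decode the header and validate every field before trusting it."""
    if len(frame) < HEADER.size:
        raise MalformedEnip("frame shorter than the 24-byte header")
    command, length, session, status, context, options = HEADER.unpack_from(frame)
    if options != 0:
        raise MalformedEnip("non-zero options field")  # the spec says discard
    if command not in COMMANDS:
        raise MalformedEnip(f"unknown command 0x{command:04x}")
    if length > MAX_BODY:
        raise MalformedEnip(f"declared length {length} exceeds ceiling")
    body = frame[HEADER.size:]
    # The check that prevents an out-of-bounds read: never index the body by a
    # length the peer declared without confirming those bytes actually arrived.
    if length > len(body):
        raise MalformedEnip(f"declared length {length} but only {len(body)} bytes present")
    return {
        "command": COMMANDS[command], "length": length, "session": session,
        "status": status, "context": context, "data": body[:length],
    }


def check_frame(frame: bytes) -> str:
    """Triage helper: 'ok:<command>' or 'reject:<reason>'."""
    try:
        return "ok:" + parse_enip(frame)["command"]
    except MalformedEnip as exc:
        return "reject:" + str(exc)


if __name__ == "__main__":
    probe = build_enip(0x0063, b"")  # ListIdentity, the request scanners send
    print(check_frame(probe))
    print(check_frame(probe[:10]))   # truncated header
    lying = with_declared_length(build_enip(0x0065, b"\x01\x00\x00\x00"), 0x0100)
    print(check_frame(lying))        # Length says 256, only 4 bytes follow
```

On a TCP stream the same rule applies in reverse: read exactly 24 bytes, validate `length` against the ceiling, then read exactly `length` more before touching the body, rather than reading whatever the peer pushed and indexing into it.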

VMScape: Spectre-like VM-to-host data leak on CPUs

🔓 Researchers at ETH Zurich disclosed VMScape, a Spectre-like speculative-execution attack in which a malicious guest VM extracts secrets from an unmodified QEMU hypervisor on many modern AMD CPUs and some Intel CPUs. The attack abuses branch-prediction structures shared across the guest/host boundary, then recovers the speculatively accessed data with a FLUSH+RELOAD cache side channel. It requires no host compromise and works with the default mitigations in place; CPU vendors and Linux developers have released advisories and kernel patches to address it.

Siemens RUGGEDCOM RST2428P: Security Advisory and Mitigations

🛡️ CISA republished a Siemens ProductCERT advisory covering two vulnerabilities in the RUGGEDCOM RST2428P (6GK6242-6PA00): uncontrolled resource consumption (CVE-2025-40802) and exposure of sensitive information (CVE-2025-40803). Both are exploitable only from an adjacent network and carry low CVSS scores (3.1 under v3.1, 2.3 under v4). Siemens recommends firewalling the UDP discovery ports and following its industrial security guidelines; CISA adds its standard advice to minimize network exposure and isolate control networks.

Public Exposure of GoDaddy AWS Configuration Data Details

🔍 The UpGuard Cyber Risk Team discovered a publicly readable Amazon S3 bucket containing spreadsheets that appeared to describe GoDaddy infrastructure running in the AWS cloud. The largest file listed more than 24,000 hostnames and 41 configuration fields, including hostname, OS, workload, region, vCPU, memory and modeled cost data, plus apparent AWS discount information. While the files did not contain credentials or end-user data, they effectively mapped a large-scale cloud deployment and revealed sensitive pricing details. UpGuard notified GoDaddy, and the exposure was closed after coordination with the company.

Public S3 Exposure: LocalBlox Leak of 48M Records Incident

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible AWS S3 bucket containing a 1.2 TB newline-delimited JSON (ndjson) file with 48 million records belonging to LocalBlox. The dataset included names, addresses, dates of birth, scraped LinkedIn and Facebook content, Twitter handles, and data blended from sources such as Zillow. UpGuard notified LocalBlox on February 28, 2018, and the bucket was secured the same day. The exposure shows how much a single permissive bucket setting can put at risk.

DSCC S3 Misconfiguration Exposed 6.2M Email Addresses

🔓 UpGuard researchers discovered an Amazon S3 bucket tied to the Democratic Senatorial Campaign Committee exposing a 145 MB zip file that contained a CSV of roughly 6.2 million email addresses. The bucket's ACL granted FULL_CONTROL to the AuthenticatedUsers group, which means anyone holding any AWS account, including a free one, could read, modify or delete its contents. The file, last modified in 2010 and named EmailExcludeClinton.csv, appears to be an exclusion list and includes consumer, .edu, .gov, and .mil domains. UpGuard notified DSCC and the bucket was secured the following day.
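The GoDaddy, LocalBlox and DSCC items above are the same misconfiguration three times over: a bucket ACL that grants a predefined global group access, with nothing at the account level to override it. The following is an added example written for this page, not UpGuard's tooling: an offline audit of the two controls that decide whether a bucket is world-readable, the bucket ACL and the Public Access Block. The ACL and Public Access Block documents are constructed in the shape that boto3's `get_bucket_acl()` and `get_public_access_block()` return; in production you would fetch them with those calls and feed the results to the same functions.

```python
"""Added example (not UpGuard's tooling): offline audit of an S3 bucket ACL and
Public Access Block configuration. The sample documents are constructed in the
shape boto3 returns; the group URIs are AWS's predefined global groups."""

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers":
        "anyone on the internet, no AWS account needed",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers":
        "anyone with any AWS account (a free one will do)",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed: a bucket ACL granting FULL_CONTROL to every AWS authenticated user.
SAMPLE_OPEN_ACL = {
    "Owner": {"ID": "0123456789abcdef"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
         "Permission": "FULL_CONTROL"},
    ],
}
# Constructed: owner-only ACL and a fully enabled Public Access Block.
SAMPLE_PRIVATE_ACL = {
    "Owner": {"ID": "0123456789abcdef"},
    "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"},
                "Permission": "FULL_CONTROL"}],
}
SAMPLE_LOCKED_PAB = {flag: True for flag in PAB_FLAGS}


def audit_acl(acl: dict) -> list:
    """Flag every grant to a predefined global group. READ on a bucket lists
    every key; WRITE or FULL_CONTROL lets the world modify or delete them."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        exposure = None
        if grantee.get("Type") == "Group":
            exposure = PUBLIC_GROUPS.get(grantee.get("URI"))
        if exposure:
            perm = grant["Permission"]
            findings.append({
                "control": "acl",
                "permission": perm,
                "exposure": exposure,
                "severity": "critical" if perm in ("WRITE", "WRITE_ACP", "FULL_CONTROL") else "high",
            })
    return findings


def audit_public_access_block(pab) -> list:
    """A missing or partially disabled block leaves ACL and policy grants live.
    Pass None when get_public_access_block() raised
    NoSuchPublicAccessBlockConfiguration for the bucket."""
    off = [flag for flag in PAB_FLAGS if not (pab or {}).get(flag, False)]
    if not off:
        return []
    return [{"control": "public_access_block", "permission": None,
             "exposure": "public access block not enforced: " + ", ".join(off),
             "severity": "high"}]


def audit_bucket(name: str, acl: dict, pab) -> list:
    """Combine both checks; an empty list means nothing to escalate."""
    return [dict(bucket=name, **f) for f in audit_acl(acl) + audit_public_access_block(pab)]


if __name__ == "__main__":
    for finding in audit_bucket("sample-open-bucket", SAMPLE_OPEN_ACL, None):
        print(finding)
    print("private bucket:",
          audit_bucket("sample-private-bucket", SAMPLE_PRIVATE_ACL, SAMPLE_LOCKED_PAB))
```

The AuthenticatedUsers case is the one people miss: it reads like "logged-in users only", but the group is every AWS principal in existence, which is why the DSCC bucket was open to anyone who signed up for a free account. Enabling all four Public Access Block flags neutralises both groups regardless of what the ACL says.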

Leakzone Exposure Reveals 22M Access Log Records and IPs

🔒 UpGuard discovered an unauthenticated Elasticsearch instance exposing roughly 22 million web-request records tied predominantly to Leakzone, a forum for illicit data and hacking tools. The logs contained domains, client IPs, geolocation and ISP metadata, and request sizes spanning late June through the July 2025 discovery. Analysis shows widespread use of public proxies and VPN exit nodes, with much traffic routed through major cloud providers, limiting reliable geolocation.