Divya@gbhackers.com
//
Cisco has issued critical security patches to address vulnerabilities in its ClamAV software and Meeting Management platform. A denial-of-service flaw, identified as CVE-2025-20128, affects ClamAV and can be exploited by submitting a crafted file that terminates the scanning process. Proof-of-concept exploit code is available, although there's no indication it has been used in the wild. This ClamAV vulnerability is due to a heap-based buffer overflow bug within the OLE2 file parser, impacting Cisco Secure Endpoint Connectors for Windows, Linux, and macOS. Cisco advises users to immediately update to ClamAV versions 1.4.2 or 1.0.8 to remediate this threat, since a successful attack could disrupt security workflows by stopping the malware scanning function.
Additionally, a critical privilege escalation vulnerability, CVE-2025-20156, has been discovered in the Cisco Meeting Management REST API. This flaw allows remote authenticated attackers with low privileges to elevate their access to administrator level on affected devices. It stems from improper authorization enforcement within the REST API, enabling attackers to gain control of edge nodes managed by Cisco Meeting Management. The vulnerability impacts versions 3.9 and earlier, but not 3.10. Upgrading to version 3.9.1 or 3.10 is essential as there are no workarounds available. Cisco has released software updates to address this vulnerability, also impacting the Broadworks platform. References :
Classification:
@upguard.com
//
API security testing firm APIsec exposed an internal database to the internet without a password, potentially compromising customer data. The database contained customer info and other data generated while monitoring customer APIs for security weaknesses, according to researchers at UpGuard, who discovered the exposed database on March 5th, 2025. UpGuard notified APIsec, and the database was secured the same day. APIsec claims to be used by 80% of the Fortune 100.
The exposed Elasticsearch database contained over three terabytes of data, including configuration information for private scanning instances, results of API scans for customers’ endpoints, and personal information for users collected during scanning. This data provided extensive information about the attack surfaces of APIsec's customers. The database contained indices for executing the APIsec test suites against customer APIs and storing the results, with data spanning from 2018 to 2025. The APIsec platform helps companies secure their APIs by running tests for common weaknesses. The exposed data included information about which tests were being performed, allowing attackers to potentially look for issues not being tested. The index "fx-accounts" included usernames and credentials for services like AWS, Slack, and GitHub. The index "fx-clusters" contained configuration data for APIsec scanning instances, some of which contained the same AWS access key as the record in "fx-accounts." References :
Classification:
@The DefendOps Diaries
//
Cloudflare is enhancing API security by closing all HTTP ports on api.cloudflare.com, enforcing HTTPS-only connections. This significant move aims to eliminate vulnerabilities associated with cleartext HTTP traffic, where sensitive information like API tokens could be intercepted by malicious actors or network intermediaries. By mandating HTTPS-only connections, Cloudflare is setting a new standard in cybersecurity practices, protecting against potential data leaks and enhancing the overall security posture.
The decision to block unencrypted traffic to API endpoints is a strategic response to the increasing sophistication of cyber threats. Even with automatic redirection from HTTP to HTTPS, a window of vulnerability exists where sensitive data could be transmitted over unencrypted channels. Cloudflare's proactive approach rejects cleartext connections at the transport layer, safeguarding organizations relying on APIs and reducing the risk of cyber threats. This aligns with Cloudflare's efforts to support AI adoption with a security-first approach, ensuring reliable and safe use of AI technologies. References :
Classification:
|