When configuration becomes a vulnerability: Exploitable misconfigurations in AIapps - https://www.redpacketsecurity.com/when-configuration-becomes-a-vulnerability-exploitable-misconfigurations-in-aiapps/

#threatintel
#exploitable-misconfigurations
#ai-security
#kubernetes
#cloud-security
#authentication

#KRITIS Sektor #Gesundheit

B. Braun OnlineSuite

"* ...um das Arbeiten mit und um die #Infusionspumpen von B. Braun zu erleichtern
* Einfache Integration in bestehende #Krankenhaus- und IT-Infrastruktur"

https://www.bbraun.de/de/products/b58/b-braun-space-onlinesuite.html

"CVSS: 10.0 (v3.1) / 10.0 (v4.0)
ATTENTION: #Exploitable remotely/low and high skill level to #exploit..."
https://www.bbraun.com/en/products-and-solutions/b--braun-product-security/06-2025-b--braun-statement-on-vulnerabilities-online-suite.html

Explanation:

My #University just bought into Brightspace from D2L, which is a giant crappy #LMS. It's so bad. We had Blackboard before, and I never thought I would miss that garbage.

Anyway, so BS has import and export from CSV, except IT'S NOT CSV. Inexplicably, every line except the first starts and ends with a # character. And this is IN THE DOCUMENTATION. It's so "the system knows when the next set of data begins". Which, in CSV, is what the newline is for. If this isn't #exploitable, I'm SHOCKED.

"workplaces should have to legally provide #unlimited paid sick leave available immediately upon hire. the limits that #companies that even provide paid sick leave put on it is so fucked up. no one can control when they get sick, how often they get sick, or how long they are sick for, and they shouldn't have to suffer for the transgression of being ill.

"oh, but some #people might take advantage of that and just stay home all the time and get paid for it!" if there is really a statistically relevant amount of people you have hired staying home on paid sick leave for months or years on end, perhaps your workplace sucks to be at, and you need to change.

give them reasons to come in to #work. make it safer and easier to do their #jobs. give them work that they can get invested in and talk to them about what that looks like. make sure you aren't overloading them with too much work or making unreasonable demands. #pay them an amount that makes the work worth doing to them. actually form a working relationship with your #employees instead of treating them like infinitely #exploitable #wage #slaves.

only allowing your #workers to accrew "2 hours a week of sick time starting after 6 weeks of #employment" or some shit just doesn't match the reality of how #sickness or #human #health #works"

https://www.tumblr.com/161reckless/728923312849371136?source=share