Oh, right google has an open redirect
They're now using it in the phishing tests. Funnily they do not mention it in their training material where they tell users to check the URLs of links before clicking them.

(May be a GApps thing that it modifies all of the urls to prefix their open redirect...)

#infosec #itsec #itsecurity

In December, the authors of #watchtower decided to archive their own project.

There are a few forks out there - unfortunately I know nothing about them so can't really vouch for their legitimity. If you want to continue using Watchtower, please assess them yourself without switching. A few of the active forks I've looked at are full of AI slop and while they might work, I wouldn't advice using any of them.

This is not a good way to end a project. The original authors recommend looking at Kubernetes instead. For many #Docker users, this is not an option. They need a drop-in replacement for Watchtower which keeps their docker containers updated.

One fedizen wrote that this is a popular fork but he did not test it himself:
https://github.com/nicholas-fedor/watchtower/
Is this one of the forks that is afflicted with #AIslop?

#homelab #selfhosting #docker #itsec #itsecurity

As it is public now* I'm able to talk about it.

Check your VMware infrastructure. CVE-2024-37079 is known to have been exploited in the wild.

> UPDATE: Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37079
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37080
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37081

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/securityadvisories/0/24453

#infosec #itsec #itsecurity

* technically since Friday.

»Souveränität in der Cloud:
Digitale Souveränität bedeutet für Unternehmen und Behörden Verfügungsgewalt über Daten, Kontrolle über Infrastruktur und Vorhersehbarkeit gegenüber rechtlichen Eingriffen.«

Kein neues Thema und mMn noch den wenigsten bewusst. Klar die Umstellung kann aufwändiger so wie teuerer sein und doch hatten sich die meisten aus Bequemlichkeit such nicht darum gekümmert.

☁️ https://www.it-daily.net/it-management/cloud-computing/souveraenitaet-in-der-cloud

#cloud #alternative #souveranitat #firma #behorden #unternehmen #daten #itsec

Microslop is a bit late for the new year celebration (or a bit early for Chinese new year).

Either way they're starting/ending the year with a banger: CVE-2026-20965

Being able to steal Global Admin token and labeling it a medium severity.

#infosec #infosec2026 #itsec #itsecurity