Responsible Disclosure
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report and blocking a CVE from being issued. The researcher’s report describes a critical privilege escalation flaw that allowed cluster-admin access from the low-privileged “Backup Contributor” role. Microsoft disputes the claim, telling GeekFeed the behavior was expected and that “no product changes […]
Hacker claims to leak WIRED database with 2.3 million records
A hacker claims to have breached Condé Nast and leaked an alleged WIRED database containing more than 2.3 million subscriber records, while also warning that they plan to release up to 40 million additional records for other Condé Nast properties. On December 20, a threat actor using the name “Lovely” leaked the database on a […]
DoorDash email spoofing vulnerability sparks messy disclosure dispute
A vulnerability in DoorDash’s systems could allow anyone to send “official” DoorDash-themed emails right from the company’s authorized servers, paving the way for a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious dispute has erupted between the researcher who reported the vulnerability and the company, with both sides accusing each other of acting improperly. Anyone could send ‘official’ DoorDash […]