Security
Headlines
HeadlinesLatestCVEs

Tag

#asus

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and

The Hacker News
Open in Source
#vulnerability#ios#android#rce#asus#sap#The Hacker News
CVE-2022-38699: ASUS Armoury Crate Service - Arbitrary File Creation via Elevation of Privilege Flaw

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

CVE-2021-41437: easy-exploits/Web/ASUS/CVE-2021-41437 at main · efchatz/easy-exploits

An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.

VPN Providers Flee India as a New Data Law Takes Hold

Many companies have pulled physical servers from the country as a mandate to collect customer data goes into effect.

Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

At the SecTor 2022 conference in Toronto next month, researchers from Lookout will take a deep dive into Hermit and the shadowy world of mobile surveillance tools used by repressive regimes.

Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The

CVE-2022-40768: git/torvalds/linux.git - Linux kernel source tree

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

CVE-2022-2990: Vulnerability in Linux containers – investigation and mitigation

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

iOS 16 Has Two New Security Features for Worst-Case Scenarios

Safety Check and Lockdown Mode give people in vulnerable situations ways to quarantine themselves from acute risks.

European Spyware Vendor Intellexa Offering Android, iOS Device Exploits

By Deeba Ahmed The proposal documents were leaked on a Russian hacking forum showing Intellexa is offering remote data extraction from Android and iOS devices in exchange for $8 million. This is a post from HackRead.com Read the original post: European Spyware Vendor Intellexa Offering Android, iOS Device Exploits