Security
Headlines
HeadlinesLatestCVEs

Tag

#asus

VPN Providers Threaten to Quit India Over New Data Law

The country has ordered companies operating VPNs to collect user data and hand it over to officials—but they’re refusing to do so.

Wired
Open in Source
#web#git#intel#backdoor#asus#auth#sap
Threat Source newsletter (April 28, 2022) — The 2022 Cybersecurity Mock Draft

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter that’s going to be a little different, but bear with me.  In honor of the NFL Draft starting this evening — an event that Cisco is helping to secure — I thought it’d be appropriate to look at building a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-27905: Security Advisory - State Farm

In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers

The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act," the State Department's Rewards for Justice Program

Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now

The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner.

CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-25597: ASUS RT-AC86U - Command Injection

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.

CVE-2021-3752: [PATCH 5.15 187/917] Bluetooth: fix use-after-free error in lock_sock_nested()

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2022-21933: ASUS VivoMini/Mini PC - improper input validation

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

CVE-2021-44158: ASUS RT-AX56U Router - Stack-based buffer overflow

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.