Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Botnets in the Age of Remote Work

Here are some strategies for protecting the business against botnets poised to take advantage of remote-work vulnerabilities.

DARKReading
Open in Source
#vulnerability#web#mac#ddos#git#intel#botnet#auth
Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration

Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order

Zero-day puts a dent in Chrome's mojo

Categories: Exploits and vulnerabilities Categories: News The Google Chrome Team recently issued a fix for the CVE-2022-3075 zero-day. (Read more...) The post Zero-day puts a dent in Chrome's mojo appeared first on Malwarebytes Labs.

CVE-2022-39838: GitHub - jet-pentest/CVE-2022-39838

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

CVE-2022-31814: pfBlockerNG Unauth RCE Vulnerability - IHTeam Security Blog

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

Cisco ASA-X With FirePOWER Services Authenticated Command Injection

This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine allows the attacker to pivot to the inside network, and access the outside network. Also, the SFR virtual machine is running snort on the traffic flowing through the ASA, so the attacker should have access to this diverted traffic as well. This module requires ASDM credentials in order to traverse the ASDM interface. A similar attack can be performed via Cisco CLI (over SSH), although that isn't implemented here. Finally, it's worth noting that this attack bypasses the affects of the lockdown-sensor command (e.g. the virtual machine's bash shell shouldn't be available but this attack makes it available). Cisco assigned this issue CVE-2022-20828. The issue affects all Cisco ASA that sup...

Apple macOS Remote Events Memory Corruption

This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.

A week in security (August 29 - September 4)

Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (August 29 - September 4) appeared first on Malwarebytes Labs.

CVE-2022-39829: mTower/ecdsa_keygen.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.