Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Threat Source newsletter (June 16, 2022) — Three top takeaways from Cisco Live

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.   But after spending a few days on the show floor and interacting with everyone, there are a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

TALOS
Open in Source
#vulnerability#web#ios#mac#windows#apple#microsoft#linux#cisco#backdoor#rce#log4j#asus#auth
CVE-2022-30658: Adobe Security Bulletin

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2022-31384: POC/CVE-2022-31384.txt at main · laotun-s/POC

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

Hertzbleed exposes computers’ secret whispers

Hertzbleed is a new side-channel attack that can recover sensitive information from a targeted system by applying CPU timing. The post Hertzbleed exposes computers’ secret whispers appeared first on Malwarebytes Labs.

CVE-2022-31849: Vuln/MERCURY_MIPC451-4/command_execution_0 at master · skyedai910/Vuln

MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request.

CVE-2022-30023: Tenda.com | Conquiste seu Apartamento

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

Microsoft is warning that the BlackCat ransomware crew is leveraging exploits for unpatched Exchange server vulnerabilities to gain access to targeted networks. Upon gaining an entry point, the attackers swiftly moved to gather information about the compromised machines, followed by carrying out credential theft and lateral movement activities, before harvesting intellectual property and

Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning

For years, the two most popular methods for internal scanning: agent-based and network-based were considered to be about equal in value, each bringing its own strengths to bear. However, with remote working now the norm in most if not all workplaces, it feels a lot more like agent-based scanning is a must, while network-based scanning is an optional extra. This article will go in-depth on the

Police Linked to Hacking Campaign to Frame Indian Activists

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

CVE-2021-41402: Code execution vulnerabilities in the background · Issue #59 · flatCore/flatCore-CMS

flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.