Tag

#mac

APT34 targets Jordan Government using new Saitama backdoor

On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is...

Malwarebytes
#web #mac #microsoft #git #backdoor

CVE-2022-29397: IoT-vuln/Totolink/4.setMacFilterRules at main · d1tto/IoT-vuln

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.

CVE-2022-29394: IoT-vuln/Totolink/1.setWiFiAclAddConfig at main · d1tto/IoT-vuln

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448.

CVE-2022-29391: IoT-vuln/Totolink/5.setStaticDhcpConfig at main · d1tto/IoT-vuln

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8.

Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft...

AMD Gave Google Cloud Rare Access to Its Tech to Hunt Chip Flaws

By working together, the companies say they’re better able to find security flaws in Google Cloud’s Confidential Computing infrastructure.

CVE-2022-1649: Fix null deref in macho parser ##crash · radareorg/radare2@a5aafb9

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).