Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-46670: Product Notice 1612: MicroLogix 1100 & 1400 Web Server Application Vulnerable to Cross Site Scripting Attack

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

CVE
#xss#vulnerability#web#microsoft#rce#auth
CVE-2022-3157: Controllers Vulnerable to a Denial-of-Service Vulnerability

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

New Botnet Targeting Minecraft Servers Poses Potential Enterprise Threat

Microsoft warns enterprises should pay attention to a new botnet used to launch DDoS attacks on private Minecraft Java servers.

CVE-2022-3166: Product Notice 1611: MicroLogix 1100 & 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device

Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

By Waqas Dubbed "MCCrash" by Microsoft, the DDoS botnet is currently targeting private Minecraft servers globally. This is a post from HackRead.com Read the original post: Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

Threat Round up for December 9 to December 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 9 and Dec. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2022-41992: TALOS-2022-1644 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.

Iran-Backed Charming Kitten APT Eyes Kinetic Ops, Kidnapping

The not-so-charming APT's intelligence-gathering initiatives are likely being used by the Iranian state to target kidnapping victims.

CVE-2022-4440: Chromium: CVE-2022-4440 Use after free in Profiles

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**