Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-45997: public_bug/tenda/w20e/1 at main · bugfinder0/public_bug

Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.

CVE
Open in Source
#vulnerability#web#windows#apple#js#buffer_overflow#telnet#chrome#webkit
CVE-2022-45979: IOT-CVE/Tenda/AX12/4 at master · The-Itach1/IOT-CVE

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .

95.6% of New Malware in 2022 Targeted Windows

By Habiba Rashid According to researchers, 59.58 million samples of new Windows malware were found in the first three quarters of 2022 and these make up 95.6% of all new malware discovered during that time period.  This is a post from HackRead.com Read the original post: 95.6% of New Malware in 2022 Targeted Windows

GHSA-j8x2-2m5w-j939: Amazon CloudWatch Agent for Windows has Privilege Escalation Vector

### Impact A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. ### Patches Maintainers recommend that Agent users upgrade to the latest available version of the CloudWatch Agent to address this issue. ### Workarounds There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue. ### References https://github.com/aws/amazon-c...

Google Adds Passkey Support to Chrome for Windows, macOS and Android

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The

CVE-2021-3661: HP Workstation BIOS February 2022 Security Update

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

CVE-2022-23511: Privilege Escalation Vector in CloudWatch Agent for Windows

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.

RHSA-2022:8913: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

Red Hat JBoss Web Server 5.7.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity

The weirdest security stories of 2022

Categories: News Tags: Weird Tags: 2022 Tags: infosec Tags: social engineering Tags: scam Tags: romance Tags: deepfake Tags: video games Tags: advertising Tags: advergaming Tags: apes Tags: NFT Tags: 419 Tags: space Tags: astronaut We take a look at the weirdest security related stories of 2022—from apes to the great unknowns of space. (Read more...) The post The weirdest security stories of 2022 appeared first on Malwarebytes Labs.