Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

CVE-2023-36354: iotvul/tp-link/7/TL-WR940N_TL-WR841N_TL-WR740N_TL-WR941ND_userRpm_AccessCtrlTimeSchedRpm.md at main · a101e-IoTvul/iotvul

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE
Open in Source
#vulnerability#web#windows#ubuntu#linux#dos#buffer_overflow#auth#zero_day#firefox
CVE-2023-36355: iotvul/tp-link/9/TP-Link TL-WR940N wireless router userRpmWanDynamicIpV6CfgRpm buffer write out-of-bounds vulnerability.md at main · a101e-IoTvul/iotvul

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Cybersecurity hotlines at colleges could go a long way toward filling the skills gap

These clinics offers pro-bono cybersecurity services — like incident response, general advice and ransomware defense — to community organizations, non-profits and small businesses that normally couldn’t afford to pay a private company for these same services.

2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

Advantech R-SeeNet

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Advantech ​Equipment: R-SeeNet ​Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Advantech reports these vulnerabilities affects the following R-SeeNet monitoring application: ​R-SeeNet: versions 2.4.22 and prior 3.2 VULNERABILITY OVERVIEW ​3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 ​Advantech R-SeeNet is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. ​CVE-2023-2611 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 ​EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 ​...

Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023

Categories: Business Dive into where we prevented more than the rest and how we were able to do it. (Read more...) The post Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 appeared first on Malwarebytes Labs.

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

New DoJ Cyber Prosecution Team Will Go After Nation-State Threat Actors

The US Department of Justice adds litigators under its National Security Division to take on sophisticated cyber threats from adversarial nation-states.

Avast, Norton Parent Latest Victim of MOVEit Data Breach Attacks

Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.

Fresh Ransomware Gangs Emerge as Market Leaders Decline

The ransomware landscape is energized with the emergence of smaller groups and new tactics, while established gangs like LockBit see fewer victims.