Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

CVE-2022-31890: Securing Open-Source Solutions: A Study of osTicket Vulnerabilities

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#mac#git#java#php#perl#auth#zero_day
QNAP Zero-Days Leave 80K Devices Vulnerable to Cyberattack

Multiple QNAP operating systems are affected, including QTS, QuTS hero, QuTScloud, and QVP Pro appliances, and some don't yet have patches available.

Protect Your Company: Ransomware Prevention Made Easy

Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions.  Naturally, businesses want to find products that will stop malware in its tracks, and so they search for solutions to do that.

For Cybercrime Gangs, Professionalization Comes With 'Corporate' Headaches

They rake in millions, but now, as much as zero-days and ransoms, cybercriminals are dealing with management structures and overhead.

How Good Is Your Advanced Threat Management?

Whether protecting a financial institution or a hospital, everyone needs an effective strategy for fending off slippery threats like those that hide in memory.

CVE-2023-1393: security - Fwd: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Google reveals spyware attack on Android, iOS, and Chrome

By Habiba Rashid Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. This is a post from HackRead.com Read the original post: Google reveals spyware attack on Android, iOS, and Chrome

Mélofée: The Latest Malware Targeting Linux Servers

By Deeba Ahmed An unidentified Chinese APT group is suspected of operating the Mélofée malware. This is a post from HackRead.com Read the original post: Mélofée: The Latest Malware Targeting Linux Servers

CVE-2022-27642: Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0327

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.