Security
Headlines
HeadlinesLatestCVEs

Tag

#asus

CVE-2022-27169: TALOS-2022-1494 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

CVE
Open in Source
#vulnerability#cisco#intel#perl#asus#auth
CVE-2022-26026: TALOS-2022-1491 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.

CVE-2022-26303: TALOS-2022-1488 || Cisco Talos Intelligence Group

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-26043: TALOS-2022-1489 || Cisco Talos Intelligence Group

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-26067: TALOS-2022-1492 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.

Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware

A spyware vendor called Cytrox was found to be using several zero-day vulnerabilities in Google's Chrome browser and the Android kernel component. The post Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware appeared first on Malwarebytes Labs.

Predator Spyware Using Zero-day to Target Android Devices

By Deeba Ahmed Spyware developer firm Cytrox is under Google’s radar for developing exploits against five 0-day flaws in Android and… This is a post from HackRead.com Read the original post: Predator Spyware Using Zero-day to Target Android Devices

Cytrox's Predator Spyware Target Android Users with Zero-Day Exploits

Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.

Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

Researchers found a way to exploit the tech that enables Apple’s Find My feature, which could allow attackers to track location when a device is powered down.