Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

Intel Processor UEFI Source Code Leaked

Exposed code included private key for Intel Boot Guard, meaning it can no longer be trusted, according to a researcher.

DARKReading
#vulnerability#ios#git#intel#bios
CVE-2022-32492: DSA-2022-169: Dell Client Precision 5820, 7820, and 7920 Tower BIOS Security Update

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Intel Confirms Leak of Alder Lake BIOS Source Code

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has been leaked, following its release by an unknown third-party on 4chan and GitHub last week. The published content contains Unified Extensible Firmware Interface (UEFI) code for Alder Lake, the company's 12th generation processors that was originally launched in November 2021. In a statement shared with

CVE-2022-36635

ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.

CVE-2022-36634: ZKBioSecurity 3.0.5- Privilege Escalation to Admin (CVE-2022-36634)

An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request.

ZKSecurity BIO 3.0.5.0_R Privilege Escalation

ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.

ZKSecurity BIO 4.1.2 SQL Injection / Code Execution

ZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.

2K Games Help Desk Platform Hacked to Spread Info-stealing Malware

By Deeba Ahmed Famous publisher 2K Games’ helpdesk platform was hacked where the attackers attempted to distribute malware to gamers’ devices.… This is a post from HackRead.com Read the original post: 2K Games Help Desk Platform Hacked to Spread Info-stealing Malware

CVE-2021-41437: easy-exploits/Web/ASUS/CVE-2021-41437 at main · efchatz/easy-exploits

An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.

Threat Roundup for September 16 to September 23

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 16 and Sept. 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, orokibot ClamAV.net. For each threat described below, this blog post only...