
Tag

#dell

Capital One Joins Open Source Security Foundation

OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.

DARKReading
Exploits and TrickBot disrupt manufacturing operations

Categories: Threat Intelligence. September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri. This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021. The post Exploits and TrickBot disrupt manufacturing operations appeared first on Malwarebytes Labs.

CVE-2022-37070: vuln/H3C/GR-1200W/19 at main · Darry-lang1/vuln

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVE-2022-36509: vuln/readme.md at main · Darry-lang1/vuln

H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVE-2022-36510: vuln/H3C/GR2200/1 at main · Darry-lang1/vuln

H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

CVE-2022-31238: DSA-2022-149: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.

CVE-2022-33932: DSA-2022-149: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.

Business Services industry targeted across the country for backdoor access

Categories: Threat Intelligence. High detections of hacking tools for the Business Services industry show that attackers likely sought to infect businesses and install backdoors for future access to their customers. The post Business Services industry targeted across the country for backdoor access appeared first on Malwarebytes Labs.

Attackers waited until holidays to hit US government

Categories: Threat Intelligence. In the first quarter of 2021, the US public sector dealt with heavy-hitting breaches against local, federal, and state government networks. The post Attackers waited until holidays to hit US government appeared first on Malwarebytes Labs.

CVE-2020-23622: CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices At Risk

** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.