Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Research Highlights Cyber Security's Underestimated Role As a Business and Revenue Enabler

Global study reveals boards still undervalue cyber's role.

DARKReading
#google#microsoft#git#intel#aws#sap
Cybersecurity Skills Shortage, Recession Fears Drive 'Upskilling' Training Trend

For companies, training an existing worker is cheaper than hiring, while for employees, training brings job security and more interesting work.

CVE-2022-37337: TALOS-2022-1596 || Cisco Talos Intelligence Group

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2022-38458: TALOS-2022-1598 || Cisco Talos Intelligence Group

A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.

CVE-2022-36429: TALOS-2022-1597 || Cisco Talos Intelligence Group

A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CVE-2022-38452: TALOS-2022-1595 || Cisco Talos Intelligence Group

A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The