Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-43308: Switch gerenciável 24 portas PoE Gigabit Ethernet | Intelbras

INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.

CVE
Open in Source
#web#ios#intel#auth
Study shows that 42% of people use their names in passwords

By Waqas ExpressVPN’s study on the most common passwords around the world showed that 42% of people use their first name in their passwords, while 43% of them use their birth date. This is a post from HackRead.com Read the original post: Study shows that 42% of people use their names in passwords

CVE-2022-23748: CVE-2022-23748

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

CVE-2022-23748: Audinate Response to Dante Discovery (mDNSResponder.exe) Security Issue (CVE-2022-23748) | Audinate | FAQs

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

CVE-2021-33897: Synthesia News Archive

A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.

TMI Tech: How to Stop Vulnerable Software from 'Oversharing'

Stop chatty apps from oversharing and eliminate a hacker backdoor — train developers on "security first" while subjecting APIs to least-privilege zero-trust policies.

Red Hat Security Advisory 2022-8506-01

Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign

A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017. "It targets businesses in multiple verticals including retail, banking,

China-Based Billbug APT Infiltrates Certificate Authority

Access to digital certificates would allow the Chinese-speaking espionage group to sign its custom malware and skate by security scanners.