
Tag

#mac

CVE-2022-38452: TALOS-2022-1595 || Cisco Talos Intelligence Group

A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2022-45636: Insecure Authorization Scheme for API Requests in DBD+ Mobile Companion Application for Megafeis Smart Locks

An issue discovered in the MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an attacker to unlock model(s) without authorization via arbitrary API requests.

Breach Forums to Remain Offline Permanently

By Waqas. One of the Breach Forums administrators, who goes by the alias Baphomet, has decided to shut down the forum permanently. This is a post from HackRead.com.

Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft

By Habiba Rashid. The company has disclosed the wallet addresses and three IP addresses used by the attacker in the hack. This is a post from HackRead.com.

Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities

If an adversary can capture an authentication packet, that packet contains all the information needed to steal the target user’s username and password for the software.

VISAM VBASE Automation Base

1. EXECUTIVE SUMMARY

CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: VISAM
Equipment: VBASE
Vulnerabilities: Improper Restriction of XML External Entity Reference

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information from the target device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

VISAM reports these vulnerabilities affect the following VBASE products:

VBASE Automation Base: versions prior to 11.7.5

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.

CVE-2022-41696 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

3.2.2 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

Versions of VISAM VBASE Automation Base prior t...

CVE-2023-1535: Multiple XSS @ answer/question/tag in answer

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

CVE-2023-1539: Captcha Bypass on login in answer

Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6.

Emotet Rises Again: Evades Macro Security via OneNote Attachments

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A

How to avoid potentially unwanted programs

If you’ve ever downloaded software onto your computer, chances are you’ve unknowingly cluttered your machine with potentially unwanted programs. The post How to avoid potentially unwanted programs appeared first on Malwarebytes Labs.