Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-45045: Xiongmai IoT Exploitation - Blog - VulnCheck

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated attacker, possibly using the default admin:tlJwpbo6 credentials, can connect to port 34567 and execute arbitrary operating system commands via a crafted JSON file during an upgrade request. Since at least 2021, Xiongmai has applied patches to prevent attackers from using this mechanism to execute telnetd.

CVE
Open in Source
#vulnerability#web#ios#mac#amazon#linux#apache#js#git#java#intel#php#c++#rce#botnet#buffer_overflow#huawei#auth#ssh#telnet#ssl
Nvidia GPU Driver Bugs Threaten Device Takeover & More

If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more.

Hackers using USB drives to spread malware in ongoing attack

By Habiba Rashid Currently, hackers are targeting public and private entities in Southeast Asia, the Asia-Pacific region, Europe, and the U.S., with a focus on the Philippines. This is a post from HackRead.com Read the original post: Hackers using USB drives to spread malware in ongoing attack

North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The backdoor [...] has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing

How Banks Can Upgrade Security Without Affecting Client Service

New protective measures work behind the scenes, with little impact on the customer experience.

API Secrets: Where the Bearer Model Breaks Down

Current authentication methods are based on the bearer model, but lack of visibility into the entities leveraging API secrets has made this untenable.

Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE

Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.

CVE-2022-4231: bug-report/vendors/tribalsystems/zenario/session-fixation at main · lithonn/bug-report

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.