Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-36222: Hacking the Nokia Fastmile: Part 2

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.

CVE
Open in Source
#vulnerability#web#android#mac#backdoor#nokia#auth#ssh#telnet
CVE-2022-36221: Hacking the Nokia Fastmile: Part 2

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system.

GHSA-p82q-rxpm-hjpc: AAD Pod Identity obtaining token with backslash

### Impact _What kind of vulnerability is it? Who is impacted?_ The [NMI](https://azure.github.io/aad-pod-identity/docs/concepts/nmi/) component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to [IMDS](https://learn.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=windows) allowing a pod in the cluster to access identities that it shouldn't have access to. ### Patches _Has the problem been patched? What versions should users upgrade to?_ - We analyzed this bug and determined that we needed to fix it. This fix has been included in AAD Pod Identity release [v1.8.13](https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13) - If using the [AKS pod-managed identities add-on](https://learn.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity), no action is required. T...

Trend Micro Joins Google’s App Defense Alliance

Trend Micro will be joining Google's App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store.

The Rise of the Rookie Hacker - A New Trend to Reckon With

More zero knowledge attacks, more leaked credentials, more Gen-Z cyber crimes - 2022 trends and 2023 predictions. Cybercrime remains a major threat to individuals, businesses, and governments around the world. Cybercriminals continue to take advantage of the prevalence of digital devices and the internet to perpetrate their crimes. As the internet of things continues to develop, cybercriminals

Microsoft Warns on 'Achilles' macOS Gatekeeper Bypass

The latest bypass for Apple's application-safety feature could allow malicious takeover of Macs.

How AI/ML Can Thwart DDoS Attacks

When properly designed and trained, artificial intelligence and machine learning can help improve the accuracy of distributed denial-of-service detection and mitigation.

Coming to a SOC Near You: New Browsers, 'Posture' Management, Virtual Assistants

Startups are coalescing around effective data loss prevention, reducing data attack surfaces, and viable AI automation.

Cybersecurity Company VMRay Extends Series B Investment to a Total of $34M USD to Drive Growth into New Markets

VMRay announces the closing of a Series B led by global alternative asset manager Tikehau Capital, which will fuel further expansion of the product portfolio to target a broader set of market segments.

CVE-2022-46538: CVE-vulns/formWriteFacMac.md at main · Double-q1015/CVE-vulns

Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.