Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors

A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution

The Hacker News
Open in Source
#vulnerability#web#mac#amazon#intel#perl#aws#amd#sap#The Hacker News
Windows Vulnerability Could Crack DC Server Credentials Open

The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.

Emerson Proficy Machine Edition

This advisory contains mitigations for Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of Cryptographic Signature, Insufficient Verification of Data Authenticity, and Path Traversal: ‘\..\filename’ vulnerabilities in Emerson Proficy Machine Edition, an engineering workstation.

CVE-2021-30490: Software download for Uninterruptible Power Supply

upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.

CVE-2022-36273: CVEIDs/TendaAC9 at main · F0und-icu/CVEIDs

Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks. Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider

Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation. Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa. The findings have been corroborated

CVE-2022-24949: Eternal Terminal Root Privilege Escalation

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().

CVE-2022-38368: PSIRT Advisories — aviatrix_docs documentation

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

DEF CON 30: Hackers Come Home to Vibrant Community

After 30 years and a brief pandemic hiatus, DEF CON returns with "Hacker Homecoming," an event that put the humans behind cybersecurity first.