Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-31446: Router/RCE_1.md at main · wshidamowang/Router

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

CVE
Open in Source
#vulnerability#web#mac#rce#auth#telnet
CVE-2022-31447: XXE injection in Magicpin 3.4

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites.

CISA Recommends Organizations Update to the Latest Version of Google Chrome

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.

Taking down the IP2Scam tech support campaign

Tech support scams follow a simple business model that has not changed much over the years. After all, why change a recipe that continues to yield large profits. We see countless such campaigns and block them indiscriminately to protect our customers from being defrauded by a fraudulent tech support agent over the phone. Every now... The post Taking down the IP2Scam tech support campaign appeared first on Malwarebytes Labs.

Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns

New hacking technique allows threat actors to evade some of the most effective phishing countermeasures

Update Chrome now: Four high risk vulnerabilities found

We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.

DoS Vulnerability Allows Easy Envoy Proxy Crashes

The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers.

Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be

CVE-2021-46817: Adobe Security Bulletin

Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.