Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#vulnerability#mac#windows#microsoft#rce#log4j#auth#zero_day#sap#ssl
CVE-2022-47514: XML-RPC.Net - Downloads

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

Plus: An FBI platform got hacked, an ex-Twitter employee is sentenced for espionage, malicious Windows 10 installers circulate in Ukraine, and more.

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows

GitHub Expands Secret Scanning, 2FA Across Platform

Microsoft-owned GitHub is taking steps to secure the open source software ecosystem by rolling out security features to protect code repositories.

Cyber Threats Loom as 5B People Prepare to Watch World Cup Final

The 2022 FIFA Men's World Cup final in Qatar will be the most-watched sporting event in history — but will cybercriminals score a hat trick off its state-of-the-art digital footprint?

CVE-2022-46670: Product Notice 1612: MicroLogix 1100 & 1400 Web Server Application Vulnerable to Cross Site Scripting Attack

Rockwell Automation was made aware of a vulnerability by a security researcher from Georgia Institute of Technology that the MicroLogix 1100 and 1400 controllers contain a vulnerability that may give an attacker the ability to accomplish remote code execution. The vulnerability is an unauthenticated stored cross-site scripting vulnerability in the embedded webserver. The payload is transferred to the controller over SNMP and is rendered on the homepage of the embedded website.

CVE-2022-3157: Controllers Vulnerable to a Denial-of-Service Vulnerability

A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).

New Botnet Targeting Minecraft Servers Poses Potential Enterprise Threat

Microsoft warns enterprises should pay attention to a new botnet used to launch DDoS attacks on private Minecraft Java servers.

CVE-2022-3166: Product Notice 1611: MicroLogix 1100 & 1400 Product Web Server Application Vulnerable to Denial-Of-Service Condition Attack

Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-service condition. The security vulnerability could be exploited by an attacker with network access to the affected systems by sending TCP packets to webserver and closing it abruptly which would cause a denial-of-service condition for the web server application on the device