Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

Zscaler's Cloud-Based Cybersecurity Outages Showcase Redundancy Problem

While fewer cloud providers are suffering outages, customers should prepare for the uncommon event, especially when relying on cloud services for security.

DARKReading
Open in Source
#web#microsoft#amazon#dos#perl#aws
CVE-2022-40617: strongSwan Vulnerability (CVE-2022-40617)

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Ubuntu Security Notice USN-5706-1

Ubuntu Security Notice 5706-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-3379

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer.

CVE-2022-43364: IOT_Vulnerability_Discovery/5_reset_the_password.md at main · splashsc/IOT_Vulnerability_Discovery

An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.

CVE-2022-42055: GL.iNET MT300N-V2 Vulnerabilities and Hardware Teardown

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.

Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?

Supply chain attacks were all the rage in 2020 after SolarWinds, but we seem to have forgotten how important they are.

CVE-2022-3095: sdk/CHANGELOG.md at master · dart-lang/sdk

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.

Cyberattackers Target Instagram Users With Threats of Copyright Infringement

A novel campaign is using an emerging URL redirection tactic to try to trick business users and others into clicking on an embedded link and giving up credentials.

3 Steps Small Businesses Can Take to Prevent Cyberattacks

Setting priorities for internal security measures and outsourcing complex practices help protect small and midsize businesses.