#windows

Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

By Deeba Ahmed At the moment, Zombinder is focusing entirely on Android apps but the service operators are offering Windows apps binding services. This is a post from HackRead.com Read the original post: Zombinder on Dark Web Lets Hackers Add Malware to Legit Apps

2 years ago

HackRead

Open in Source

#web #android #mac #windows #google #microsoft #amazon #git #samsung #auth #zero_day #chrome #firefox #wifi

CVE-2022-45290: KbaseDoc-v1.0-Arbitrary-file-deletion-vulnerability/README.md at main · HH1F/KbaseDoc-v1.0-Arbitrary-file-deletion-vulnerability

Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.

2 years ago

CVE

Open in Source

#vulnerability #web #windows #apple #git #java #chrome #webkit

Threat Round up for December 2 to December 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 2 and Dec. 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

2 years ago

TALOS

Open in Source

#sql #vulnerability #web #mac #windows #google #microsoft #amazon #js #intel #pdf #botnet #firefox

CVE-2022-3724: Crash in USB-HID dissector on Windows (#18384) · Issues · Wireshark Foundation / wireshark · GitLab

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows

2 years ago

CVE

Open in Source

#windows #microsoft #dos #git #intel #c++#ssl

New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm. "

2 years ago

The Hacker News

Open in Source

#vulnerability #mac #windows #microsoft #cisco #rce #botnet #The Hacker News

CVE-2022-44838: bug_report/SQLi-1.md at main · GkaMei/bug_report

Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php.

2 years ago

CVE

Open in Source

#sql #vulnerability #windows #php #auth #firefox

CVE-2022-44213: ZKT Eco ADMS - Stored XSS

ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).

2 years ago

CVE

Open in Source

#xss #vulnerability #web #windows #git #ericsson #wifi

Planet eStream Code Execution / SQL Injection / XSS / Broken Control

Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.

2 years ago

Packet Storm

Open in Source

#sql #xss #vulnerability #web #mac #windows #microsoft #dos #js #java #rce #perl #acer #auth #ssl

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

Threat Source newsletter (Dec. 8, 2022): Your uncle clicked every link

Welcome to this week’s edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest – that feeling that I think most, if not all, Threat Source readers get at this time of year. That's

2 years ago

TALOS

Open in Source

#vulnerability #windows #microsoft #cisco #dos #intel

Tag

#windows