Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

By Deeba Ahmed In total 22 proprietary software vulnerabilities were identified in the firmware, which Qualcomm addressed in its January 2023… This is a post from HackRead.com Read the original post: Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

HackRead
Open in Source
#vulnerability#android#windows#microsoft#lenovo#buffer_overflow#samsung
Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these

Dridex Malware Now Attacking macOS Systems with Novel Infection Method

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based

CVE-2022-40049: Bug_report/SQLi-1.md at main · Manba6/Bug_report

SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page.

LogRhythm Enhances Security Analytics With Expanded Security Operations Capabilities

New platform features and integrations enable analysts to quickly detect and remediate threats.

CVE-2022-41740: A vulnerability in IBM Robotic Process Automation may result in sensitive information disclosure (CVE-2022-41740)

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

SimpleRmiDiscoverer 0.1

SimpleRmiDiscoverer is a JMX RMI scanning tool for unsecured (without enabled authentication) instances of JAVA JMX. It does not use standard Java RMI/JMX classes like other available tools but rather communicates directly over TCP. The tool is written in Java and is very useful in red teaming operations because JVM is still ubiquitous in corporate environments. It can be executed by unprivileged (non-admin) users.

CVE-2022-45995: public_bug/tenda/ax12/1 at main · bugfinder0/public_bug

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.

CVE-2022-43540

A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.