Tag

#windows

CVE-2022-30258: DnsServer/CHANGELOG.md at master · TechnitiumSoftware/DnsServer

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

CVE-2022-43143: BUG: Beekeeper Remote Code Execution via XSS · Issue #1393 · beekeeper-studio/beekeeper-studio

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error modal container.

Researchers Reveal Details of New Threats: AXLocker, Octocrypt and Alice Ransomware

By Deeba Ahmed. AXLocker ransomware is now known as a threat that targets Discord users. This is a post from HackRead.com.

CVE-2022-44175: IoT_vuln/readme.md at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

Trojan.Win32.Platinum.gen MVID-2022-0657 Code Execution

Trojan.Win32.Platinum.gen malware suffers from a code execution vulnerability.

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet

Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The U.S. District Court for the Southern District of New York imposed monetary sanctions against the defendants and their U.S.-based legal counsel. The defendants have also been asked to pay Google's attorney fees. The defendants' move to press

Research sector targeted in new spear phishing attack using Google Drive

By Deeba Ahmed. The attackers gain access to the network through decoy documents covering controversial geo-political topics to lure the targeted organizations into downloading and executing the malware. This is a post from HackRead.com.

CVE-2022-30256: a small open-source DNS server

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.