Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

CVE
Open in Source
#xss#vulnerability#web#ios#mac#windows#google#microsoft#linux#dos#apache#js#git#java#intel#rce#perl#ldap#samba#pdf#vmware#log4j#buffer_overflow#auth#dell#zero_day#chrome#firefox#ssl
Threat Source newsletter (Dec. 8, 2022): Your uncle clicked every link

Welcome to this week’s edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest – that feeling that I think most, if not all, Threat Source readers get at this time of year. That's

Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

By Habiba Rashid Here is everything you need to know about the first two days at the Pwn2Own hacking contest. This is a post from HackRead.com Read the original post: Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several countries around the world.

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.

Researchers Uncover Darknet Service Allowing Hackers to Trojonize Legit Android Apps

Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The Hacker News. "This campaign resulted in thousands of victims," the Dutch cybersecurity company said,

CVE-2022-45498: IOT_Vul/readme.md at main · z1r00/IOT_Vul

An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.

CVE-2022-45504: IOT_Vul/readme.md at main · z1r00/IOT_Vul

An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.

CVE-2022-45501: IOT_Vul/readme.md at main · z1r00/IOT_Vul

Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.

CVE-2022-45505: IOT_Vul/readme.md at main · z1r00/IOT_Vul

Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.