Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Threat Roundup for August 5 to August 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 5 and Aug. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 25...

TALOS
#xss#vulnerability#web#ios#mac#windows#google#microsoft#js#git#intel#botnet#sap#ssl
CVE-2022-35559: IOT/Tenda/W6/stackoverflow/formSetAutoPing at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can use this vulnerability to execute arbitrary code execution.

CVE-2022-35558: IOT/Tenda/W6/stackoverflow/WifiMacFilterGet at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35557: IOT/Tenda/W6/stackoverflow/wifiSSIDget at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35561: IOT/Tenda/W6/stackoverflow/WifiMacFilterSet at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35560: IOT/Tenda/W6/stackoverflow/wifiSSIDset at main · ilovekeer/IOT

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

CVE-2022-35555: IOT/README.md at main · ilovekeer/IOT

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.

Viral video drives malvertising on social media platform

Tech support scammers are leveraging social media giant Facebook to lure users into clicking on a viral article. (Read more...) The post Viral video drives malvertising on social media platform appeared first on Malwarebytes Labs.

Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow

A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.

Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow

A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.