🕴 Supercharged Version of Amadey Infostealer & Malware Dropper Bypasses AVs 🕴
via "Dark Reading".
Several threat actors used Amadey Bot previously to steal information and distribute malware such as the GandCrab ransomware and the FlawedAmmyy RAT.
‼ CVE-2022-35288 ‼
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.
‼ CVE-2022-35284 ‼
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.
‼ CVE-2022-34962 ‼
via "National Vulnerability Database".
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
‼ CVE-2022-35871 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of Python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206.
‼ CVE-2022-34966 ‼
via "National Vulnerability Database".
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
‼ CVE-2022-24992 ‼
via "National Vulnerability Database".
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.
‼ CVE-2022-35285 ‼
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
‼ CVE-2022-2059 ‼
via "National Vulnerability Database".
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to stored cross-site scripting. This vulnerability can be exploited by an attacker with administrator privileges who is logged in to the system.
‼ CVE-2022-35869 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211.
‼ CVE-2022-33969 ‼
via "National Vulnerability Database".
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.
‼ CVE-2022-23000 ‼
via "National Vulnerability Database".
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.
‼ CVE-2022-22999 ‼
via "National Vulnerability Database".
Western Digital My Cloud devices are vulnerable to a cross-site scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components.
‼ CVE-2022-2032 ‼
via "National Vulnerability Database".
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to stored cross-site scripting. This vulnerability can be exploited by an attacker with administrator privileges who is logged in to the system.
‼ CVE-2022-35873 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949.
‼ CVE-2022-35870 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within com.inductiveautomation.metro.impl. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17265.
‼ CVE-2022-35872 ‼
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17115.
‼ CVE-2022-35287 ‼
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.
🕴 Rare 'CosmicStrand' UEFI Rootkit Swings into Cybercrime Orbit 🕴
via "Dark Reading".
The firmware threat offers ultimate stealth and persistence — and may be distributed via tainted firmware components in a supply chain play, researchers theorize.
‼ CVE-2022-34907 ‼
via "National Vulnerability Database".
An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest authority possible and gain full control over the FileWave platform.
‼ CVE-2022-34906 ‼
via "National Vulnerability Database".
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests.