βΌ CVE-2022-24018 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the multiWAN binary.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26342 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24027 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the libcommon.so binary.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26009 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23918 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24019 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the netctrl binary.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23919 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the name field within the protobuf message to cause a buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24022 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability.This vulnerability represents all occurances of the buffer overflow vulnerability within the pannn binary.π Read
via "National Vulnerability Database".
βοΈ Class Action Targets Experian Over Account Security βοΈ
π Read
via "Krebs on Security".
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victimβs personal information and a different email address.π Read
via "Krebs on Security".
Krebs on Security
Class Action Targets Experian Over Account Security
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurityβ¦
βΌ CVE-2022-2687 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2686 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π’ Decade-old malware strains top annual list of most pervasive business exploits π’
π Read
via "ITPro".
Allied cyber security authorities say the most active strains of 2021 have been in operation for longer than five years, and are being constantly developedπ Read
via "ITPro".
IT PRO
Decade-old malware strains top annual list of most pervasive business exploits | IT PRO
Allied cyber security authorities say the most active strains of 2021 have been in operation for longer than five years, and are being constantly developed
π’ Malware operators abusing Windows shortcuts to bypass VBA macro block π’
π Read
via "ITPro".
The likes of Emotet and Qakbot, as well as Russia-linked state-sponsored hackers, have all pivoted to the new infection techniqueπ Read
via "ITPro".
IT PRO
Leading malware campaigns are abusing genuine Windows shortcuts to bypass Microsoft's VBA macro block | IT PRO
The likes of Emotet and Qakbot, as well as Russia-linked state-sponsored hackers, have all pivoted to the new infection technique
π’ North Korean-linked Gmail spyware 'SHARPEXT' harvesting sensitive email content π’
π Read
via "ITPro".
The insidious software exfiltrates all mail and attachments, researchers warn, putting sensitive documents at riskπ Read
via "ITPro".
IT PRO
North Korean-linked Gmail spyware 'SHARPEXT' harvesting sensitive email content | IT PRO
The insidious software exfiltrates all mail and attachments, researchers warn, putting sensitive documents at risk
π’ India scraps privacy bill following big tech outcry π’
π Read
via "ITPro".
However, the government is developing a new bill which it hopes to bring into law early next yearπ Read
via "ITPro".
IT PRO
India scraps privacy bill following big tech outcry | IT PRO
However, the government is developing a new bill which it hopes to bring into law early next year
π’ Fortinet unveils βfastestβ compact firewall for hyperscale data centers and 5G networks π’
π Read
via "ITPro".
The new FortiGate 4800F firewall series packs 2.4 Tbps of capacity into a compact 4RU form-factorπ Read
via "ITPro".
IT PRO
Fortinet unveils βfastestβ compact firewall for hyperscale data centers and 5G networks | IT PRO
The new FortiGate 4800F firewall series packs 2.4 Tbps of capacity into a compact 4RU form-factor
π’ Thoma Bravo adds Ping Identity to growing cyber security portfolio in $2.8 billion acquisition π’
π Read
via "ITPro".
The intelligent identity company joins Proofpoint and Sophos, among others, as it looks to accelerate its cloud transformationπ Read
via "ITPro".
IT PRO
Thoma Bravo adds Ping Identity to growing cyber security portfolio in $2.8 billion acquisition | IT PRO
The intelligent identity company joins Proofpoint and Sophos, among others, as it looks to accelerate its cloud transformation
π’ Cyber attacks rain on Taiwan during Pelosi visit π’
π Read
via "ITPro".
IP addresses from China and Russia were said to have been responsible for the attackπ Read
via "ITPro".
IT PRO
Cyber attacks rain on Taiwan during Pelosi visit | IT PRO
IP addresses from China and Russia were said to have been responsible for the attack
π’ Auditors blame massive $4 million cryptocurrency heist on leaky logging technology π’
π Read
via "ITPro".
Investigators raised concern over the thousands of vulnerable wallets containing Solana, USDC and other tokensπ Read
via "ITPro".
IT PRO
Auditors blame massive $4 million cryptocurrency heist on leaky logging technology | IT PRO
Investigators raised concern over the thousands of vulnerable wallets containing Solana, USDC and other tokens
βΌ CVE-2022-2688 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37451 βΌ
π Read
via "National Vulnerability Database".
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.π Read
via "National Vulnerability Database".