What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Fortinet.webp 2022-10-14 01:23:24 RCE Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352) Being Exploited in the Wild (direct link) FortiGuard Labs is aware of reports that a vulnerability affecting Zimbra Collaboration Suite (CVE-2022-41352) is a newly reported zero-day and is being exploited in the wild. CVE-2022-41352 is a Remote Code Execution (RCE) vulnerability that allows an attacker to perform remote code execution on vulnerable servers. Why is this Significant? This is significant because CVE-2022-41352 is a remote code execution vulnerability which is a zero-day and is actively being exploited in the wild. Zimbra Collaboration, formerly known as Zimbra Collaboration Suite, is a cloud-based email, calendaring, and groupware solution developed by Synacor and is widely used worldwide. According to its Web site, Zimbra is used in more than 140 countries and over 1,000 government and financial institutions. What is CVE-2022-41352? The vulnerability exists due to Amavis' (Zimbra's Anti-virus engine) usage of "cpio" to extract archives in emails and scan contents. By leveraging the vulnerability, an attacker can gain improper access to any other Zimbra user accounts, which can lead to remote code execution. What is the CVSS Score? CVE-2022-41352 has a CVSS rating of 9.8. Zimbra rates the vulnerability as "major". How Widespread is this? While we do not know how widespread this is, the first report of this vulnerability being exploited has been reported to be around the beginning of September 2022. What Versions of Zimbra Collaboration Suite are Vulnerable to CVE-2022-41352? Zimbra Collaboration Suite version 8.8.15 and 9.0 are vulnerable. Has the Vendor Released a Patch for CVE-2022-41352? Yes, the vendor released a patch on October 10, 2022. What is the Status of Protection? FortiGuard Labs released the following IPS signature for CVE-2022-41352: Zimbra.Collaboration.Suite.cpio.Remote.Code.Execution (default action is set to "pass"). Any Suggested Mitigation? As mitigation, Zimbra recommends installing the pax package, a utility for creating and extracting archive files, to Zimbra servers. For details, please refer to the Appendix for a link to "Security Update - make sure to install pax/spax". Vulnerability Guideline
News.webp 2022-10-13 23:35:05 Banks face their 'darkest hour' as malware steps up, maker of antivirus says (direct link) When I saw it, I had to reverse engineer it, Kaspersky's lead security researcher tells us Interview Crimeware targeting banks and other financial-services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky's lead security researcher Sergey Lozhkin.… Malware Guideline
CVE.webp 2022-10-13 16:15:09 CVE-2022-3492 (direct link) A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772. Vulnerability Guideline ★★★★★
globalsecuritymag.webp 2022-10-13 13:09:29 Proofpoint extends its Threat Protection Platform (direct link) Proofpoint extends its Threat Protection Platform with new deployment, detection and behavioral analysis capabilities. A cybersecurity leader, Proofpoint presented its latest innovations at the Microsoft Ignite 2022 conference - Products Guideline
Anomali.webp 2022-10-13 10:00:00 #See Yourself in Cyber: Top Five Ways to Help Improve your Organization's Security Posture (direct link) Since 2004, the President of the United States has proclaimed October as cybersecurity awareness month, helping individuals better understand cybersecurity threats and protect themselves from them. Every year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) collaborate to increase cybersecurity awareness among private sector companies and consumers. This Year’s Theme: “#See Yourself in Cyber” “This year’s campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future. We encourage each of you to engage in this year’s efforts by creating your own cyber awareness campaigns and sharing this messaging with your peers.” -Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity is Complex See Yourself in Cyber can be interpreted in multiple ways. To me, it’s speaking to those students unsure of what to major in, telling them to see themselves working in the industry. It’s reaching out to other departments within an organization to get them to understand how they impact security. And highlighting how hard a security analyst’s job is. In a recent blog post, I dove deeper into why security is more challenging than ever. And it all comes back to people. People are the heart of any security organization. Security tools are a requirement, but they don’t replace people. According to (ISC)²’s 2021 Cyber Workforce Report, there is still a cybersecurity workforce gap of more than 2.72 million.
Which for some organizations can mean they’re already behind before even starting. Improving Your Security Posture There are many ways an organization can improve its security posture. They can share threat intelligence. They can invest in threat intelligence platforms or XDR solutions that improve their existing investments. For this blog, I’ve narrowed it down to five: 1) Understanding Your Relevant Threat Landscape Understanding the attack surface is key to knowing what assets need protection and how best to protect them. Unfortunately, most organizations struggle because their attack surface keeps changing. Start with an attack surface assessment. Find out how an attacker sees you. Map your assets against their potential vulnerabilities and readiness to prevent or respond to threats. This will help understand how well current tools and investments protect critical assets and what additional measures need to be taken to improve protection. A comprehensive assessment should include the following: • Visibility into all external facing assets to uncover exposed assets • Identify and evaluate the current security programs • Evaluate the effectiveness of information security policies, procedures, and processes • Determine the effect of cybersecurity incidents on KPIs, including availability, integrity, and privacy • Assess the maturity level of current tools and investments Ransomware Malware Hack Threat Guideline
AlienVault.webp 2022-10-13 10:00:00 The biggest concerns within the US Financial Sector in 2022 (direct link) This blog was written by an independent guest blogger. The value of digital payment transactions is growing as the world's payment environment moves more and more away from cash. Over the past few years, BFSI (Banking, Financial Service, and Insurance) firms have continued to be a top target for hackers. In fact, the Sixth Annual Bank Survey found that more than 70% of fintech companies named information security as their top issue. According to VMware's Modern Bank Heists study, since the COVID-19 epidemic, there have been 238% more cyberattacks on companies in the financial sector. Artificial intelligence (AI) and self-learning malware are making cyberattacks more sophisticated. While ransomware assaults are the most profitable for cybercriminals, phishing attacks prey on unsuspecting and defenseless consumers. Thus, it should come as no surprise that 39% of financial industry executives think that the overall network security threat to BFSI sector companies has increased significantly. Financial and banking firms in the US must put cybersecurity first above all else given the volume of sensitive data that the BFSI sector must manage. Leading analytics company GlobalData predicts that rising demand for cybersecurity would cause worldwide security revenues in the retail banking industry to climb from $7.9 billion in 2019 to $9.8 billion in 2024. What are the biggest concerns facing the financial sector in the United States for 2022? Reimbursing cyber scams As banks are under pressure to compensate their scammed consumers, rising cybercrime rates translate to rising costs for the industry. More than half (58%) of those who conduct their banking online encounter scams via email or SMS at least once per week, and 23% report having fallen victim to a cyberattack. Banks currently reimburse authorized push payment (APP) fraud at an average rate of 46%.
Although many banking institutions are refusing reimbursements for online fraud, this is due to change soon, or else the situation will backfire. For example, measures supported by the UK government will require banks to reimburse everyone. This is only one illustration of the fact that if banks are to secure their consumers and their business line in 2022, they must prioritize cybersecurity more highly. To exchange efficient strategies, banks will need to collaborate with governments and industry organizations. The public must continue to get education on preventative measures, but ultimately it is the banks' responsibility to establish security models that will give them and their clients the greatest level of safety. Maintain compliance with strict privacy regulations The use of social engineering and account takeover fraud will increase over the next years. Financial institutions must not only conduct comprehensive data checks beyond document verification at account opening to fight this but also keep track of customer identities throughout the customer lifecycle. Banks must decide how to manage sensitive personal data like biometrics as Ransomware Malware Vulnerability Threat Guideline Uber
globalsecuritymag.webp 2022-10-13 09:21:21 Florian Bucher becomes the new CEO of the Holberton School network of schools (direct link) Florian Bucher becomes the new CEO of the Holberton School network of schools. Previously COO of Holberton School and co-founder of 42, Florian Bucher is now taking the helm of the Holberton School network of schools. The new CEO aims to increase the number of campuses worldwide and to position Holberton School as the world leader in computer science training. - Business Guideline
CVE.webp 2022-10-13 04:15:10 CVE-2022-3473 (direct link) A vulnerability classified as critical has been found in SourceCodester Human Resource Management System. This affects an unknown part of the file getstatecity.php. The manipulation of the argument ci leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-210717 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-13 04:15:10 CVE-2022-3472 (direct link) A vulnerability was found in SourceCodester Human Resource Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file city.php. The manipulation of the argument cityedit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210716. Vulnerability Guideline ★★★★★
CVE.webp 2022-10-13 04:15:10 CVE-2022-3471 (direct link) A vulnerability was found in SourceCodester Human Resource Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file city.php. The manipulation of the argument searccity leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210715. Vulnerability Guideline
CVE.webp 2022-10-13 04:15:10 CVE-2022-3470 (direct link) A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-210714 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-13 03:15:08 CVE-2022-42901 (direct link) Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. Guideline
CVE.webp 2022-10-13 03:15:08 CVE-2022-42899 (direct link) Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. Guideline
CVE.webp 2022-10-13 03:15:08 CVE-2022-42900 (direct link) Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. Guideline
CVE.webp 2022-10-13 00:15:09 CVE-2022-42897 (direct link) Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. Guideline
Trend.webp 2022-10-13 00:00:00 Oil and Gas Cybersecurity: Trends & Response to Survey (direct link) Based on our survey of over 900 ICS security leaders in the United States, Germany, and Japan, we dig deeper into each industry's challenges and present Trend Micro's recommendations. Guideline
CVE.webp 2022-10-12 23:15:09 CVE-2022-3171 (direct link) A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. Guideline
CVE.webp 2022-10-12 23:15:09 CVE-2022-39298 (direct link) MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-front`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-front` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. Guideline
CVE.webp 2022-10-12 23:15:09 CVE-2022-39297 (direct link) MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of `melisplatform/melis-cms`, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to `melisplatform/melis-cms` >= 5.0.1. This issue was addressed by restricting allowed classes when deserializing user-controlled data. Guideline
CVE.webp 2022-10-12 20:15:11 CVE-2022-41348 (direct link) An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure. Guideline
CVE.webp 2022-10-12 20:15:10 CVE-2022-33920 (direct link) Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Guideline
CVE.webp 2022-10-12 20:15:10 CVE-2022-33922 (direct link) Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earliest opportunity. Guideline
CVE.webp 2022-10-12 20:15:10 CVE-2022-33921 (direct link) Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Guideline
CVE.webp 2022-10-12 18:15:09 CVE-2022-28887 (direct link) Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. Vulnerability Guideline
2022-10-12 15:33:07 Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service (direct link) Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely. The Robustel R1510 router is a dual-ethernet port wireless router that shares 3G and 4G wireless signals for use in industrial and internet-of-things environments. The router includes the use of open VPN tunneling, a cloud management platform to manage other devices and routers and different safeguards to manage data caps. Talos discovered five operating system command injection vulnerabilities in the router that an adversary could trigger by sending the targeted device a specially crafted network request. All these vulnerabilities have a CVSS severity score of 9.1 out of 10: TALOS-2022-1578 (CVE-2022-34850), TALOS-2022-1577 (CVE-2022-33150), TALOS-2022-1576 (CVE-2022-32765), TALOS-2022-1573 (CVE-2022-33325 - CVE-2022-33329), TALOS-2022-1572 (CVE-2022-33312 - CVE-2022-33314). TALOS-2022-1580 (CVE-2022-34845) and TALOS-2022-1570 (CVE-2022-32585) can also lead to arbitrary code execution, though this vulnerability exists when a user logs in as an administrator. An attacker could also send a specially crafted network request to trigger TALOS-2022-1575 (CVE-2022-35261 - CVE-2022-35271), a denial-of-service vulnerability in the device's web server hashFirst functionality that could allow an adversary to crash the web server. Another vulnerability, TALOS-2022-1571 (CVE-2022-28127) also exists in the web server on the device, but instead could be exploited to remove arbitrary files, even though a path traversal check is in place.
Cisco Talos worked with Robustel to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco's vulnerability disclosure policy. Vulnerability Guideline
CVE.webp 2022-10-12 15:15:09 CVE-2022-3467 (direct link) A vulnerability classified as critical was found in Jiusi OA. Affected by this vulnerability is an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the argument inforid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-210709 was assigned to this vulnerability. Vulnerability Guideline
CVE.webp 2022-10-12 14:15:09 CVE-2022-33106 (direct link) WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over. Guideline
globalsecuritymag.webp 2022-10-12 14:03:29 (Déjà vu) Patrowl raises €2M (direct link) Patrowl raises €2M and strengthens its position as the French leader in Pentest as-a-Service. Patrowl closes a first funding round of 2 million €, strengthens its leading position with a cybersecurity solution that is unique in France, and is preparing a Series A funding round to enter the American market in 2023. - Business Guideline
CVE.webp 2022-10-12 10:15:10 CVE-2022-3465 (direct link) A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. Vulnerability Guideline
CVE.webp 2022-10-12 10:15:09 CVE-2022-3464 (direct link) A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699. Vulnerability Guideline
GoogleSec.webp 2022-10-12 08:00:03 Security of Passkeys in the Google Password Manager (direct link) Posted by Arnar Birgisson, Software Engineer. We are excited to announce passkey support on Android and Chrome for developers to test today, with general availability following later this year. In this post we cover details on how passkeys stored in the Google Password Manager are kept secure. See our post on the Android Developers Blog for a more general overview. Passkeys are a safer and more secure alternative to passwords. They also replace the need for traditional 2nd factor authentication methods such as text message, app based one-time codes or push-based approvals. Passkeys use public-key cryptography so that data breaches of service providers don't result in a compromise of passkey-protected accounts, and are based on industry standard APIs and protocols to ensure they are not subject to phishing attacks. Passkeys are the result of an industry-wide effort. They combine secure authentication standards created within the FIDO Alliance and the W3C Web Authentication working group with a common terminology and user experience across different platforms, recoverability against device loss, and a common integration path for developers. Passkeys are supported in Android and other leading industry client OS platforms. A single passkey identifies a particular user account on some online service. A user has different passkeys for different services. The user's operating systems, or software similar to today's password managers, provide user-friendly management of passkeys. From the user's point of view, using passkeys is very similar to using saved passwords, but with significantly better security. The main ingredient of a passkey is a cryptographic private key. In most cases, this private key lives only on the user's own devices, such as laptops or mobile phones. When a passkey is created, only its corresponding public key is stored by the online service.
During login, the service uses the public key to verify a signature from the private key. This can only come from one of the user's devices. Additionally, the user is also required to unlock their device or credential store for this to happen, preventing sign-ins from e.g. a stolen phone. To address the common case of device loss or upgrade, a key feature enabled by passkeys is that the same private key can exist on multiple devices. This happens through platform-provided synchronization and backup. Guideline
CVE.webp 2022-10-12 07:15:08 CVE-2022-3458 (direct link) A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. Vulnerability Guideline
CSO.webp 2022-10-12 04:10:00 Information overload, burnout, talent retention impacting SOC performance (direct link) While most security teams believe that security operations centers (SOCs) play a pivotal role in cybersecurity programs, several challenges are impacting SOC performance within businesses, according to a new report. Among these are information overload, worker burnout, and talent retention. The data comes from cybersecurity firm Devo following an independent survey of global SOC leaders (553) and staff members (547), and it adds evidence to reports of security operations becoming harder for teams to perform. SOC teams face numerous pain points, leaders and staff consider quitting In its 2022 Devo SOC Performance Report, the firm discovered that SOC professionals experience significant challenges while performing their duties as SOC leaders and their teams wrestle with several ongoing issues that hamper performance. What's more, Devo's findings suggest that some of the key SOC complications facing organizations date back to the start of the global COVID-19 pandemic in early 2020. Guideline
Trend.webp 2022-10-12 00:00:00 Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike (direct link) We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware. Ransomware Threat Guideline
CVE.webp 2022-10-11 21:15:26 CVE-2022-41209 (direct link) SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. Guideline
CVE.webp 2022-10-11 21:15:26 CVE-2022-41210 (direct link) SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. Guideline
CVE.webp 2022-10-11 21:15:14 CVE-2022-39802 (direct link) SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. Guideline
CVE.webp 2022-10-11 21:15:13 CVE-2022-39013 (direct link) Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. Guideline
CVE.webp 2022-10-11 21:15:13 CVE-2022-35296 (direct link) Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. Guideline
CVE.webp 2022-10-11 21:15:13 CVE-2022-35297 (direct link) The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. Vulnerability Guideline
CVE.webp 2022-10-11 21:15:12 CVE-2022-35226 (direct link) SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console. Guideline
globalsecuritymag.webp 2022-10-11 20:15:24 Frédéric Grelot, GLIMPS: We offer an "eXtended Malware Analysis Platform" to support CISOs in their strategy of rationalizing cybersecurity products (direct link) At the Assises, GLIMPS will present its file investigation solution for detecting, analyzing and characterizing threats. In addition, GLIMPS will highlight its partnerships with the Open XDR Platform, for which GLIMPS is joining forces with six cybersecurity vendors to form a common solution, and ESTAP-360, a Sopra Steria platform that brings in GLIMPS's technological strengths. Frédéric Grelot, Scientist Lead & Managing Director of GLIMPS, invites CISOs to boost the intelligence of their lines of defense! - Interviews / , Malware Guideline ★★
CVE.webp 2022-10-11 20:15:15 CVE-2022-38086 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin Vulnerability Guideline
CVE.webp 2022-10-11 20:15:13 CVE-2022-20429 (direct link) In CarSettings of app packages, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-220741473 Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20425 (direct link) In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent degradation of performance due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-235823407 Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20418 (direct link) In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-231986464 Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20419 (direct link) In setOptions of ActivityRecord.java, there is a possible load any arbitrary Java code into launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L Android-13. Android ID: A-237290578 Guideline ★★★★
CVE.webp 2022-10-11 20:15:12 CVE-2022-20421 (direct link) In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239630375. References: Upstream kernel Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20423 (direct link) In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239842288. References: Upstream kernel Guideline
CVE.webp 2022-10-11 20:15:12 CVE-2022-20422 (direct link) In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-237540956. References: Upstream kernel Guideline
Last update at: 2024-07-22 22:08:18