Aggregator

A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. This affects an unknown part of the file /goform/WifiBasicSet. The manipulation of the argument Security leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-47117. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda A15 15.13.07.13. This issue affects some unknown processing of the file /goform/WifiBasicSet. The manipulation of the argument ssid leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-47119. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. This vulnerability is traded as CVE-2022-47120. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability has been found in Tenda A15 15.13.07.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/WifiBasicSet. The manipulation of the argument wepkey leads to stack-based buffer overflow. This vulnerability is known as CVE-2022-47121. The attack needs to be done within the local network. There is no exploit available.

Microsoft перезапускает функцию тотальной цифровой памяти.

A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original access vector was locked down, Fortinet has revealed on Thursday. “[Read-only access] was achieved via creating a symbolic link connecting the user filesystem and the root filesystem in a folder used to serve language files for the SSL-VPN,” Fortinet CISO Carl … More →

The post Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices appeared first on Help Net Security.

Microsoft a year ago was about to launch Recall, a Windows feature for Copilot+ PCs that takes regular screenshots of users' systems and stores them so they can be searched for later. Privacy and security concerns forced the company to pull it back and rework it. Now it is in preview with Windows Insiders.

The post Microsoft Moves Forward With Controversial Recall Feature appeared first on Security Boulevard.

Telegram рулит ботом, а Роскомнадзор — процессом.

The most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.

​Microsoft is gradually rolling out the AI-powered Windows Recall feature to Insiders in the Release Preview channel before making it generally available to all Windows users with Copilot+ PCs. [...]

Cybercriminals have launched a sophisticated malware campaign targeting Android users through fake traffic violation messages on WhatsApp. The malware, disguised as “NextGen mParivahan,” mimics the official government application developed by the Ministry of Road Transport & Highways, which provides digital access to driving licenses, vehicle registration certificates, and other transport services. The attack begins with […]

The post Beware of Fake mParivahan App Attacking Mobile Users Via WhatsApp to Steal Sensitive Data appeared first on Cyber Security News.

A high severity vulnerability in DICOM, the healthcare industry’s standard file protocol for medical imaging, has remained exploitable years after its initial disclosure. The flaw enables attackers to embed malicious code within legitimate medical image files. While previous research demonstrated this vulnerability’s impact on Windows-based medical systems, Praetorian’s new proof of concept, ELFDICOM, extends the […]

The post ELFDICOM: PoC Malware Polyglot Exploiting Linux-Based Medical Devices appeared first on Praetorian.

The post ELFDICOM: PoC Malware Polyglot Exploiting Linux-Based Medical Devices appeared first on Security Boulevard.

Western Sydney University (WSU) announced two security incidents that exposed personal information belonging to members of its community. [...]