Monday, September 25, 2023

VU#347067: Multiple BGP implementations are vulnerable to improperly formatted BGP updates

Overview Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a...

VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router

Overview An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by...

VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account

Overview Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon...

VU#287122: Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process

Overview Parsec updater for Windows was prone to a local privilege escalation vulnerability, this vulnerability allowed...

VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329

Overview urllib.parse is a very basic and widely used basic URL parsing function in various applications. Description An...

VU#947701: Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution

Overview Freewill Solutions IFIS new trading web application version is vulnerable to unauthenticated remote code...

VU#813349: Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation

Overview The software driver for D-Link DWA-117 AC600 MU-MIMO Wi-Fi USB Adapter contains a unquoted service...

VU#653767: Perimeter81 macOS Application Multiple Vulnerabilities

Overview A command injection vulnerability can be used in the Perimeter81 macOS application to run arbitrary...

VU#913565: Hard-coded credentials in Technicolor TG670 DSL gateway router

Overview The Technicolor TG670 Router DSL Gateway Router includes a hard-coded service account that allows for...

VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference...

VU#572615: Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2

Overview TP-Link router WR710N-V1-151022 running firmware published 2015-10-22 and Archer-C5-V2-160201 running firmware published 2016-02-01 are susceptible...

VU#986018: New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities

Overview Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035 contain two...

VU#709991: Netatalk contains muliple error and memory managment vulnerabilities

Overview There are six new vulnerabilities in the latest release of Netatalk (3.1.12) that could allow...

VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management...

VU#794340: OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly

Overview Two buffer overflow vulnerabilities were discovered in OpenSSL versions 3.0.0 through 3.0.6. These vulnerabilities were...
Infosecurity Magazine

BEC Scammer Pleads Guilty to Part in $6m Scheme

Nigerian was extradited to the US from Canada
Infosecurity Magazine

Researchers Spot Novel “Deadglyph” Backdoor

Malware is linked to UAE-backed spies
Infosecurity Magazine

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
The Hacker News

New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously...