Hackers Exploit Milesight Routers to Send Phishing SMS to European Users
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send...
Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
Overview: Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification (CWE-295). Okazawa Yoshihiro reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Ransomware: February 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some of the most successful ransomware incidents based on both open source and dark web intelligence. BlackByte...
CVE-2022-26315
creationtimestamp | type | source
---|---|---
2022-02-28 22:23:26+00:00 | seen | https://t.me/cibsecurity/38195...
Microsoft Patch Tuesday February 2022
Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2022. I release it pretty late, because of my previous big episode about the blindspots in the Knowledge Bases of Vulnerability Scanners. Please take a look if you haven't seen it. Well, if you are even slightly...
Cisco NX-OS Software NX-API Command Injection Vulnerability
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user-supplied data that is sent to the NX-API. An attacker could exploit thi...
Weekly Threat Digest: 14-20 February 2022
...
CVE-2022-25335
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major...
Exploit for SQL Injection in Zerof Web_Server
Public CVE | CVE Number | Produc...
Security Bulletin: NVIDIA License System - February 2022
NVIDIA has released a software update for the Delegated License Service (DLS) virtual appliance component of NVIDIA License System to address a security issue that may lead to privilege escalation, impacting confidentiality and integrity. To protect your system, download and install this software...
Microsoft Security Update Validation Report February 2022
Microsoft’s February 2022 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...
KB5010343: Windows Azure Stack HCI Security Update (February 2022)
The remote Windows host is missing security update 5010343. It is, therefore, affected by multiple vulnerabilities...
vanbrenk.ca Cross Site Scripting vulnerability OBB-2367181
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Microsoft and Other Major Software Firms Release February 2022 Patch Updates
Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated...
Microsoft & Adobe Patch Tuesday (February 2022) – Microsoft 70 Vulnerabilities with 0 Critical; Adobe 17 Vulnerabilities with 5 Critical
Microsoft Patch Tuesday – February 2022: Microsoft addresses 70 vulnerabilities in their February 2022 Patch Tuesday release. While none of the vulnerabilities in this month’s Microsoft release cycle have been assigned as critical risk, several have been given a High risk rating CVSSv3.1 score of...
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
Oh, blessed day: Microsoft’s Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches — none of them rated critical. For February, Microsoft’s releases address CVEs in Windows and Windows Components, Azure Data Explorer, Kestrel Web...
power-gifts.ru Cross Site Scripting vulnerability OBB-2364263
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
HP Workstation BIOS February 2022 Security Update
A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with minimum versions...
Intel® Wireless Bluetooth® and Killer™ Bluetooth® February 2022 Security Updates
Intel has informed HP of potential security vulnerabilities identified in some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products which may allow denial of service. Intel is releasing software and firmware updates to mitigate these potential vulnerabilities. Intel has released updates to...