bioyino-metric (>=0.1.0 <=0.2.0), capnp-futures (>=0.10.0 <=0.12.0) +12 more potentially affected by CVE-2022-46149 via capnp (>=0.0.1 <=0.12.4)

capnp CARGO version =0.0.1, =0.1.0, =0.10.0, =0.0.1, =0.0.1, =0.2.8, =1.0.0, =0.0.5, =0.3.0, =0.0.9, =0.2.0, =0.3.1 Source cves: CVE-2022-46149 Source advisory: OSV:GHSA-QQFF-4VW4-F6HX...

OPENSUSE-SU-2022:0072-1 Security update for bitcoin

This update for bitcoin fixes the following issues: Update to version 0.21.2 P2P protocol and network code use NetPermissions::HasFlag in CConnman::Bind Rate limit the processing of rumoured addresses Wallet Do not iterate a directory if having an error while accessing it RPC Reset scantxoutset...

Security update for bitcoin (moderate)

openSUSE Security Update: Security update for bitcoin Announcement ID: openSUSE-SU-2022:0072-1 Rating: moderate References: Cross-References: CVE-2021-3195 CVSS scores: CVE-2021-3195 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP3 An update...

FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors

A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "the decentralized botnet targets any device that expos...

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit SDK that could be abused by an adversary to gain improper access to audio and video streams. "Successful...

Reolink P2P Cameras

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Reolink Equipment: P2P protocol Vulnerabilities: Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...

HEH P2P Botnet Sports Dangerous Wiper Function

A freshly discovered botnet dubbed HEH by researchers is casting a wide net, looking to infect any and all devices that use Telnet on ports 23/2323. It’s particularly destructive: It contains code that wipes all data from infected systems. Perhaps ironically, its operators also have a penchant fo...

ALERT! Hackers targeting IoT devices with a new P2P botnet malware

Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language a...

Detect FritzFrog and Other Malware Infections with Inventory Data

Recently, Guardicore researchers discovered a new type of malware called “FritzFrog,” which targets multiple industry verticals, including government, finance, and healthcare. It employs brute-forcing SSH credentials as an initial attack vector, uses a proprietary P2P protocol to efficiently...

iMesh <= 7.1.0.x (IMWeb.dll 7.0.0.x) Remote Heap Overflow Exploit

No description provided by source. !-- iMesh = 7.1.0.x IMWebControl Class IMWeb.dll 7.0.0.x remote heap exploit IE7/XP full patched by rgod, site: http://retrogod.altervista.org/ software site: http://www.imesh.com iMesh is a file sharing and online social network. It uses a proprietary,...

New Storm Variant Merely a Spambot, Experts Say

The new piece of malware that surfaced this week and has been hailed as a return of the Storm worm, is in fact simply the worm’s original spam engine with some new components wrapped around it, researchers say, and not a rebirth of the botnet itself. Storm was a major botnet threat during its...

Honeynet Project finds way to fingerprint Conficker infections

Just days ahead of an April 1st activation date for the Conficker worm, a pair of security researchers from the Honeynet Project have scored a major breakthrough, finding a way to remotely and anonymously fingerprint the malware on infected networks. Now, with the help of Dan Kaminsky and Rich...

iMesh 7.1.0.x - &#039;IMWeb.dll 7.0.0.x&#039; Remote Heap Overflow

!-- iMesh = 7.1.0.x IMWebControl Class IMWeb.dll 7.0.0.x remote heap exploit IE7/XP full patched by rgod, site: http://retrogod.altervista.org/ software site: http://www.imesh.com "iMesh is a file sharing and online social network. It uses a proprietary, centralized, P2P protocol. iMesh is owned ...

BitTorrent P2P Protocol Detection

Binary data 2576.prm...