Security News > 2023 > January > Week in review: Critical git vulnerabilities, increasingly malicious Google Search ads

Week in review: Critical git vulnerabilities, increasingly malicious Google Search ads
2023-01-22 09:30

Cacti servers under attack by attackers exploiting CVE-2022-46169If you're running the Cacti network monitoring solution and you haven't updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw.

PoC for critical ManageEngine bug to be released, so get patching!If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they've been updated to a non-vulnerable version because Horizon3 will be releasing technical details and a PoC exploit this week.

Google ads increasingly pointing to malwareThe FBI has recently warned the public about search engine ads pushing malware diguised as legitimate software - an old tactic that has lately resulted in too many malicious ads served to users searching for software, cracked software, drivers - anything that can be downloaded, really - via Google and Bing.

Critical RCE vulnerabilities found in gitA source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development.

Post-quantum cybersecurity threats loom largeA new Zapata Computing report reveals a deepening commitment from enterprises that points to a maturing industry with widespread, global interest and increased urgency regarding post-quantum cybersecurity threats.

Techniques that attackers use to trick victims into visiting malicious contentIn this Help Net Security video, Ray Canzanese, Threat Research Director at Netskope, talks about the impact of two different types of harmful content: malware downloads and malicious web content.


News URL

https://www.helpnetsecurity.com/2023/01/22/week-in-review-critical-git-vulnerabilities-increasingly-malicious-google-search-ads/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-18 CVE-2022-47966 Unspecified vulnerability in Zohocorp products
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
network
low complexity
zohocorp
critical
9.8
2022-12-05 CVE-2022-46169 Incorrect Authorization vulnerability in Cacti
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users.
network
low complexity
cacti CWE-863
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4231 4523 732 9742