Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution | allinfosecnews.com

Aug. 3, 2022, 6:46 p.m. | Jon Munshaw (noreply@blogger.com)

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com

Jaewon Min of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post.

Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.’s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines.

TALOS-2022-1452 (CVE-2022-21147) is a vulnerability that exists in a specific Alyac …

antivirus code code execution cve program scanning securex spotlight virus vulnerabilities vulnerability

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices 12 hours ago | blog.talosintelligence.com

apt campaign campaigns devices +15

Suspected CoralRaider continues to expand victimology using three information stealers 1 day, 16 hours ago | blog.talosintelligence.com

apt argument bypass command +17

What’s the deal with the massive backlog of vulnerabilities at the NVD? 5 days, 16 hours ago | blog.talosintelligence.com

backlog current deal management +10

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation? 6 days, 10 hours ago | blog.talosintelligence.com

account blocked court disinformation +8

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal 1 week ago | blog.talosintelligence.com

cisco cisco talos code confidential +20

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials 1 week, 1 day ago | blog.talosintelligence.com

attacks brute brute-force cisco +24

The internet is already scary enough without April Fool’s jokes 1 week, 6 days ago | blog.talosintelligence.com

april backdoor community internet +7

Vulnerability in some TP-Link routers could lead to factory reset 2 weeks ago | blog.talosintelligence.com

amd directx driver factory +10

April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution 2 weeks, 1 day ago | blog.talosintelligence.com

april code code execution critical +10

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Audit and Compliance Technical Analyst

@ Accenture Federal Services | Washington, DC

View on infosec-jobs.com

ICS Cyber Threat Intelligence Analyst

@ STEMBoard | Arlington, Virginia, United States

View on infosec-jobs.com

Cyber Operations Analyst

@ Peraton | Arlington, VA, United States

View on infosec-jobs.com

Cybersecurity – Information System Security Officer (ISSO)

@ Boeing | USA - Annapolis Junction, MD

View on infosec-jobs.com

Network Security Engineer I - Weekday Afternoons

@ Deepwatch | Remote

View on infosec-jobs.com