{"vulnerability": "CVE-2022-28762", "sightings": [{"uuid": "1b0032ab-f5cf-48e2-9619-ab56b840995e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28762", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/182", "content": "Top Security News for 19/10/2022\n\nAltruism under attack: why cybersecurity has become essential to humanitarian nonprofits\nhttps://www.csoonline.com/article/3676668/altruism-under-attack-why-cybersecurity-has-become-essential-to-humanitarian-nonprofits.html#tk.rss_all \n\nCVE-2022-42889 (Text4Shell) OSS detector - Finds possibly vulnerable JAR files\nhttps://www.reddit.com/r/netsec/comments/y7aohf/cve202242889_text4shell_oss_detector_finds/ \n\nFake tractor fraudsters plague online transactions\nhttps://www.malwarebytes.com/blog/news/2022/10/fake-tractor-fraudsters-plague-online-transactions \n\nISC StormCast for Wednesday, October 19th, 2022\nhttps://isc.sans.edu/podcastdetail.html?id=8220 \n\nData Collection\nhttps://malware.news/t/data-collection/64276#post_1 \n\nCVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration\nhttps://securityaffairs.co/wordpress/137266/security/zoom-macos-cve-2022-28762.html \n\nFortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) + PoC\nhttps://www.reddit.com/r/netsec/comments/y3lgv3/fortios_fortiproxy_and_fortiswitchmanager/ \n\nOur new scanner for Text4Shell\nhttps://www.reddit.com/r/netsec/comments/y7gf09/our_new_scanner_for_text4shell/ \n\nSecurity Alert: Oracle Releases Critical Patch Update, October 2022\nhttps://malware.news/t/security-alert-oracle-releases-critical-patch-update-october-2022/64278#post_1 \n\nHow to spot a scam\nhttps://malware.news/t/how-to-spot-a-scam/64274#post_1 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-10-19T07:00:05.000000Z"}, {"uuid": "18b43713-bcab-4f38-abed-83857a458144", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28762", "type": "seen", "source": "https://t.me/codeby_sec/6714", "content": "\u200b\ud83d\udcf9 \u0412 \u0432\u0435\u0440\u0441\u0438\u0438 Zoom \u0434\u043b\u044f macOS \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\u0412 macOS-\u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0432\u0438\u0434\u0435\u043e\u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446\u0438\u0439 Zoom \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043e\u043f\u0430\u0441\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-28762 \u0438 7.3 \u0431\u0430\u043b\u043b\u0430 \u043f\u043e \u0448\u043a\u0430\u043b\u0435 CVSS. \u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043f\u043e\u0440\u0442\u0430 \u043e\u0442\u043b\u0430\u0434\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 Zoom \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432 macOS.\n\n\u00abmacOS-\u0432\u0435\u0440\u0441\u0438\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Zoom (\u043a\u0430\u043a \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u0430\u044f, \u0442\u0430\u043a \u0438 \u0434\u043b\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432) \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0443\u044e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e \u043f\u043e\u0440\u0442\u0430 \u043e\u0442\u043b\u0430\u0434\u043a\u0438. \u0411\u0430\u0433 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 5.10.6 \u043f\u043e 5.12.0. \u041b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0440\u0442 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435, \u0435\u0441\u043b\u0438 \u0432\u043a\u043b\u044e\u0447\u0451\u043d \u0440\u0435\u0436\u0438\u043c \u0440\u0435\u043d\u0434\u0435\u0440\u0438\u043d\u0433\u0430 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0430 \u2014 API Zoom Apps Layers. \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0440\u0442 \u043e\u0442\u043b\u0430\u0434\u043a\u0438 \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 Zoom-\u043a\u043b\u0438\u0435\u043d\u0442\u0435\u00bb, \u2014 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Zoom.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0443\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043c\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439 Zoom \u0434\u043b\u044f macOS.\n\n\ud83d\uddde \u0411\u043b\u043e\u0433 \u041a\u043e\u0434\u0435\u0431\u0430\u0439\n\n#news #zoom #vulnerability", "creation_timestamp": "2022-10-18T12:37:46.000000Z"}, {"uuid": "f5b18954-7872-4108-a712-9ba1d435d6d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28762", "type": "seen", "source": "https://t.me/ctinow/69692", "content": "CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration\n\nhttps://ift.tt/uzNHUFr", "creation_timestamp": "2022-10-18T09:21:07.000000Z"}, {"uuid": "32bc928c-8c9b-48a0-91c9-6f85108420d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28762", "type": "seen", "source": "https://t.me/cibsecurity/51423", "content": "\u203c CVE-2022-28762 \u203c\n\nZoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T18:28:54.000000Z"}]}