Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2867 PUBLISHED: 2022-08-17
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
CVE-2022-2868 PUBLISHED: 2022-08-17
libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
CVE-2022-2869 PUBLISHED: 2022-08-17
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering t...
CVE-2022-28751 PUBLISHED: 2022-08-17
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
CVE-2022-28752 PUBLISHED: 2022-08-17
Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
User Rank: Apprentice
12/23/2013 | 6:48:16 PM
Of course all of these activities rarely require the full account info. Generally PCI requires truncation to store transactions but Target may have demonstrated a mitigating factor by encrypting all transactions. That's why it's probably an inside job... someone with access to the necessary decryption information.
Another article I read said the CVV codes were not stolen which meant the stolen accounts are not useful for most on-line purchases.
IMO ... regardless of this article's title, we don't really know what happened yet.