Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.

DARKReading
Open in Source
#amazon#git#intel#vmware#auth
CVE-2022-40277: GitHub - laurent22/joplin: Joplin - an open source note taking and to-do application with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.

Cyera Survey Finds One in Three Respondents Want to Minimize Cloud Data Risk

Multiple providers say 'cloud data sprawl' makes managing cloud data risk a priority initiative within the next 12 months.

GHSA-5c6q-f783-h888: AWS Redshift JDBC Driver fails to validate class type during object instantiation

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.

CVE-2022-41828: Release of 2.1.0.8 version · aws/amazon-redshift-jdbc-driver@40b143b

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.

Fast Company hacked to send obscene and racist messages

Categories: Cybercrime Categories: News The US business magazine appeared to have two separate and related incidents in which it was compromised. (Read more...) The post Fast Company hacked to send obscene and racist messages appeared first on Malwarebytes Labs.

New NullMixer Malware Campaign Stealing Users' Payment Data and Credentials

Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety

Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards

Categories: News Categories: Privacy Meta is being sued by a couple of its users for allegedly deliberately circumventing Apple's privacy features on the iPhone. (Read more...) The post Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards appeared first on Malwarebytes Labs.

Exchange servers abused for spam through malicious OAuth applications

Categories: News Tags: Exchange Tags: OAuth Tags: spam Tags: MFA Tags: Transport rules Tags: connector Threat actors have been using malicious OAuth applications to abuse Microsoft Exchange servers for their spam campaign. (Read more...) The post Exchange servers abused for spam through malicious OAuth applications appeared first on Malwarebytes Labs.

CVE-2022-38970: ieGeek Vulnerabilities still prevalent in 2022 - Amazon Ft. IG20

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.