Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Revisions to US Computer Fraud and Abuse Act will not prosecute ‘good-faith’ security research

DoJ makes long-anticipated changes to established computer crime laws

PortSwigger
Open in Source
#vulnerability#web#mac#intel#pdf
Cytrox's Predator Spyware Target Android Users with Zero-Day Exploits

Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched

Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines

A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place when an adversary mimics the name of a popular package on a public registry in hopes that developers

CVE-2022-28987: vulnerability-research/adselfservice-userenum.md at main · passtheticket/vulnerability-research

ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.

Threat Source newsletter (May 19, 2022) — Why I'm missing the days of iPods and LimeWire

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I will openly admit that I still own a “classic” iPod — the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Spyware Vendors Target Android With Zero-Day Exploits

New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.

Red Hat Security Advisory 2022-4668-01

Red Hat Security Advisory 2022-4668-01 - Red Hat OpenShift Virtualization release 4.10.1 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

CVE-2022-22976: CVE-2022-22976 | Security

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

CVE-2022-30018: MxCC_Credential-Storage_issue/MxCC_improper_credential_storage at main · PurplePetrus/MxCC_Credential-Storage_issue

Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations.

Cardiologist moonlighted as successful ransomware developer

Moises Luis Zagala, cardiologist by day, ransomware developer by night, has been charged by the US government for computer crimes. The post Cardiologist moonlighted as successful ransomware developer appeared first on Malwarebytes Labs.