Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-41992: TALOS-2022-1644 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.

CVE
Open in Source
#vulnerability#mac#windows#microsoft#cisco#intel#perl
CVE-2022-46109: IOT_Vul/Tenda/AC10/formSetClientState at main · z1r00/IOT_Vul

Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

CVE-2022-44502: Adobe Security Bulletin

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Chinese APT Group MirrorFace Interferes in Japanese Elections

The MirrorFace group has deployed popular malware LodeInfo for spying and data theft against certain members of the Japanese House of Representatives.

Red Hat Security Advisory 2022-9078-01

Red Hat Security Advisory 2022-9078-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities

Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166

Virtual kidnapping scam strikes again. Spot the signs

Categories: News Tags: virtual kidnapping Tags: kidnap Tags: scam Tags: fake Tags: fraud Tags: ransom Tags: victim Tags: wire transfer Tags: digital payment Tags: venmo Tags: cashapp Tags: social engineering Tags: phone call Tags: mobile Tags: relative A recent scam has been making the rounds that attempts to fool you into thinking a loved one has been kidnapped. (Read more...) The post Virtual kidnapping scam strikes again. Spot the signs appeared first on Malwarebytes Labs.

Mastodon Account Suspended from Twitter Following Ban on Server Links

By Habiba Rashid Elon Musk's Twitter is on a suspension spree. This is a post from HackRead.com Read the original post: Mastodon Account Suspended from Twitter Following Ban on Server Links

Update now! Apple patches active exploit vulnerability for iPhones

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: iOS 16.1.2 Tags: Safari 16.2 Tags: CVE-2022-42856 Tags: type confusion Apple has released new security content for iOS 16.1.2 and Safari 16.2. to fix a zero-day security vulnerability that was actively exploited (Read more...) The post Update now! Apple patches active exploit vulnerability for iPhones appeared first on Malwarebytes Labs.

Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads by