#mac

Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.

Plus: Google patches 36 Android vulnerabilities, Cisco fixes three high-severity issues, and VMWare closes two “serious” flaws.

Plus: Google patches 36 Android vulnerabilities, Cisco fixes three high-severity issues, and VMWare closes two “serious” flaws.

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1552: postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the … Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability Read More »

By Deeba Ahmed Nao_Sec cybersecurity researchers state the “odd-looking” MS Word document was uploaded on VirusTotal from a Belarus IP address.… This is a post from HackRead.com Read the original post: Researchers Warn of New Microsoft Office 0-Day Vulnerability “Follina”

Researchers around the world are working to understand a new remote code vulnerability in Microsoft Office dubbed Follina. The post Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug) appeared first on Malwarebytes Labs.

Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.

Schneider Electric C-Bus Automation Controller (5500SHAC) version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up (init) script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with root privileges that will grant full control of the device.