#mac

Red Hat Security Advisory 2022-1759-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds access, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2022-2074-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Issues addressed include information leakage and null pointer vulnerabilities.

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool.

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool.

May's Patch Tuesday includes one actively exploited zero-day vulnerability and some other interesting ones. The post Update now! Microsoft releases patches, including one for actively exploited zero-day appeared first on Malwarebytes Labs.

By Deeba Ahmed The novel Nerbian RAT (remote access trojan) is currently targeting’ entities in Spain, Italy, and the United Kingdom.… This is a post from HackRead.com Read the original post: Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe

Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims.As part of this, there's a new trojan based on Apost Talos is calling "ZxxZ," that, among other... [[ This is only the beginning! Please visit the blog for the complete entry ]]