Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-40608: IBM Spectrum Protect Plus directory traversal CVE-2022-40608 Vulnerability Report

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

CVE
#vulnerability#mac#microsoft#ibm
CVE-2022-40980

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.

Hookup site targeted by typo-squatters

Categories: News Tags: typosquatting Tags: sniffies Tags: extensions Tags: fake av Tags: screen locker Tags: advertising Tags: PUP.Optional.AdMax A researcher found a list of over 50 shady domains based on spelling variations of the brand name Sniffies. (Read more...) The post Hookup site targeted by typo-squatters appeared first on Malwarebytes Labs.

Uber Hacker Targets Rockstar Games, Leaks Trove of GTA 6 Data

By Waqas Rockstar Games has acknowledged the breach stating that the company is "extremely disappointed" to have any details of their next game shared with the public in such a way. This is a post from HackRead.com Read the original post: Uber Hacker Targets Rockstar Games, Leaks Trove of GTA 6 Data

Microsoft Teams' GIFShell Attack: What Is It and How You Can Protect Yourself from It

Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been

Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's

SoX 14.4.2 (wav.c) Division By Zero

SoX suffers from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.

How to Use DuckDuckGo’s Privacy-First Email Service

Tired of advertisers spying on your private communications? This beta promises to kick tracking technology to the curb.

The Uber Hack’s Devastation Is Just Starting to Reveal Itself

An alleged teen hacker claims to have gained deep access to the company’s systems, but the full picture of the breach is still coming into focus.

CVE-2022-38611: WatchDog Anti-Virus Research

Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.