Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries

A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.

DARKReading
Open in Source
#web#mac#microsoft#git#intel#backdoor#chrome
China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure

The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.

CVE-2022-2856: Chromium: CVE-2022-2856 Insufficient validation of untrusted input in Intents

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild

Google on Tuesday rolled out patches for Chrome browser for desktops to contain an actively exploited high-severity zero-day flaw in the wild. Tracked as CVE-2022-2856, the issue has been described as a case of insufficient validation of untrusted input in Intents. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on

Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese Hackers

A Chinese state-sponsored threat activity group named RedAlpha has been attributed to a multi-year mass credential theft campaign aimed at global humanitarian, think tank, and government organizations. "In this activity, RedAlpha very likely sought to gain access to email accounts and other online communications of targeted individuals and organizations," Recorded Future disclosed in a new

Microsoft Rolls Out Tamper Protection for Macs

The new feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS.

How to secure a Windows PC for your kids

Categories: Personal What to think about when preparing your child's Windows device for the new school year. (Read more...) The post How to secure a Windows PC for your kids appeared first on Malwarebytes Labs.

CVE-2022-25799: Unvalidated Redirects and Forwards - OWASP Cheat Sheet Series

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.

Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign

"Seaborgium" is a highly persistent threat actor that has been targeting organizations and individuals of likely interest to the Russian government since at least 2017, company says.

Multiple cloud vendors impacted by PostgreSQL vulnerability that exposed enterprise databases

Flaws discovered in various PostgreSQL-as-a-Service offerings, including those from Microsoft and Google