Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-29855: Security Advisories

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

CVE
Open in Source
#sql#xss#vulnerability#web#android#windows#microsoft#linux#dos#apache#java#oracle#php#rce#ldap#samba#ssrf#log4j#buffer_overflow#auth#ssh#ssl
CVE-2022-30557: Security Bulletins | Foxit Software

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

Microsoft Simplifies Security Patching Process for Exchange Server

Delivering hotfixes and system updates separately will allow manual patching without requiring elevated permissions, Microsoft said.

Quantum Ransomware Strikes Quickly, How to Prepare and Recover

NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.

CVE-2022-23743: ZoneAlarm Extreme Security release history official page

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119

CVE-2022-23743: ZoneAlarm Extreme Security release history official page

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.

Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google Email

Founders Fund leads $100 million Series-C financing, gaining the email security startup unicorn status two years after its launch.

The EU Wants Big Tech to Scan Your Private Chats for Child Abuse

Europe’s proposed child protection laws could undermine end-to-end encryption for billions of people.

Update now! Microsoft releases patches, including one for actively exploited zero-day

May's Patch Tuesday includes one actively exploited zero-day vulnerability and some other interesting ones. The post Update now! Microsoft releases patches, including one for actively exploited zero-day appeared first on Malwarebytes Labs.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.