Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-32215: July 7th 2022 Security Releases | Node.js

The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE
Open in Source
#vulnerability#web#mac#windows#google#linux#nodejs#js#git#perl#firefox#ssl
Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to Wikileaks

Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on charges related to

Endpoint security for Mac: 3 best practices

In this post, we break down three endpoint security for Mac best practices to help you prevent phishing attacks, DDoS attacks, and much more. The post Endpoint security for Mac: 3 best practices appeared first on Malwarebytes Labs.

CVE-2022-2396: CVE/POC.md at 83c243538386cd0761025f85eb747eab7cae5c21 · CyberThoth/CVE

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Transparent Tribe begins targeting education sector in latest campaign

Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group.This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government entities.The attacks result in... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Researchers Devise New Speculative Execution Attacks Against Some Intel, AMD CPUs

"Retbleed" bypasses a commonly used mechanism for protecting against a certain kind of side-channel attack.

Ransomware rolled through business defenses in Q2 2022

2022 is shaping up to be another banner year for ransomware, which continued to dominate the threat landscape in Q2. The post Ransomware rolled through business defenses in Q2 2022 appeared first on Malwarebytes Labs.

Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign

While the war in Ukraine still rages, various threat actors continue to launch cyber attacks against its government entities. In this blog we review the latest campaign from the UAC-0056 threat group. The post Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign appeared first on Malwarebytes Labs.

New ‘Retbleed’ Attack Can Swipe Key Data From Intel and AMD CPUs

The exploit can leak password information and other sensitive material, but the chipmakers are rolling out mitigations.