Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

Wired
Open in Source
#vulnerability#web#android#mac#windows#apple#google#microsoft#cisco#oracle#intel#auth#zero_day#chrome#firefox#sap
CVE-2023-27973: Certain HP LaserJet Pro Print Products - Potential Heap Overflow, Remote Code Execution

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution.

CVE-2023-27972: Certain HP LaserJet Pro Print Products - Potential Buffer Overflow, Remote Code Execution

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution.

CVE-2023-27971: Certain HP LaserJet Pro Print Products - Potential Buffer Overflow, Elevation of Privilege

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.

LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities

Categories: News Categories: Ransomware Tags: PaperCut Tags: Cl0p Tags: LockBit Vulnerabilities in PaperCut printing management are being used in ransomware attacks. (Read more...) The post LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities appeared first on Malwarebytes Labs.

Why Your Detection-First Security Approach Isn't Working

Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly

Update now: Critical flaw in VMWare Fusion and VMWare Workstation

Categories: News Tags: VMware Tags: workstation Tags: fusion Tags: virtual machine Tags: SCSI Tags: DVD Tags: CD Tags: virtualisation Tags: exploit Tags: vulnerability Tags: flaw Tags: CVE VMWare has released fixes and mitigations for three Important and one Critical vulnerability in its Fusion and Workstation software. (Read more...) The post Update now: Critical flaw in VMWare Fusion and VMWare Workstation appeared first on Malwarebytes Labs.

CVE-2022-38730: Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 2

Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505, and Evil