Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Hacker Fails for the Win

Security researchers share their biggest initial screwups in some of their key vulnerability discoveries.

DARKReading
Open in Source
#vulnerability#mac#microsoft#buffer_overflow#zero_day#wifi
Rackspace Incident Highlights How Disruptive Attacks on Cloud Providers Can Be

A ransomware attack on the company's Hosted Exchange environment disrupted email for thousands of mostly small and midsize businesses.

SentinelOne sentinelagent 22.3.2.5 Privilege Escalation

SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep.

Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks

Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups

ASM Can Fill Gaps While Working to Implement SBOM

If compiling a software bill of materials seems daunting, attack surface management tools can provide many of the benefits.

Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released

Categories: Exploits and vulnerabilities Categories: News Tags: V8 Tags: V8 JavaScript Engine Tags: Google Chrome Tags: Chrome Tags: CVE-2022-4262 Tags: 108.0.5359.94 Tags: 108.0.5359.95 Tags: Chrome V8 flaw Tags: type confusion Google has rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. Make sure you're using the latest version. (Read more...) The post Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released appeared first on Malwarebytes Labs.

Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25

Categories: Podcast This week on Lock and Code, we explore why security advisories—which businesses rely on to inform them about security patches—are falling short of their intended goals. (Read more...) The post Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25 appeared first on Malwarebytes Labs.

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

By Habiba Rashid A Barcelona-based company, a spyware vendor named Variston IT, is exploiting flaws under the guise of a custom cybersecurity solutions provider. This is a post from HackRead.com Read the original post: Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days