Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

By Habiba Rashid Here is everything you need to know about the first two days at the Pwn2Own hacking contest. This is a post from HackRead.com Read the original post: Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

HackRead
Open in Source
#vulnerability#windows#apple#amazon#vmware#samsung#huawei#xiaomi#zero_day#chrome#firefox
APT37 Uses Internet Explorer Zero-Day to Spread Malware

IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.

Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is

Hacker Fails for the Win

Security researchers share their biggest initial screwups in some of their key vulnerability discoveries.

Rackspace Incident Highlights How Disruptive Attacks on Cloud Providers Can Be

A ransomware attack on the company's Hosted Exchange environment disrupted email for thousands of mostly small and midsize businesses.

SentinelOne sentinelagent 22.3.2.5 Privilege Escalation

SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep.

Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks

Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups

ASM Can Fill Gaps While Working to Implement SBOM

If compiling a software bill of materials seems daunting, attack surface management tools can provide many of the benefits.

Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released

Categories: Exploits and vulnerabilities Categories: News Tags: V8 Tags: V8 JavaScript Engine Tags: Google Chrome Tags: Chrome Tags: CVE-2022-4262 Tags: 108.0.5359.94 Tags: 108.0.5359.95 Tags: Chrome V8 flaw Tags: type confusion Google has rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. Make sure you're using the latest version. (Read more...) The post Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released appeared first on Malwarebytes Labs.