Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover

Empower buyers and stop fixating about zero-days, conference attendees told

PortSwigger
Open in Source
#vulnerability#web#ios#google#zero_day#chrome
SentinelOne sentinelagent 22.3.2.5 Privilege Escalation

SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep.

Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks

Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups

ASM Can Fill Gaps While Working to Implement SBOM

If compiling a software bill of materials seems daunting, attack surface management tools can provide many of the benefits.

Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released

Categories: Exploits and vulnerabilities Categories: News Tags: V8 Tags: V8 JavaScript Engine Tags: Google Chrome Tags: Chrome Tags: CVE-2022-4262 Tags: 108.0.5359.94 Tags: 108.0.5359.95 Tags: Chrome V8 flaw Tags: type confusion Google has rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. Make sure you're using the latest version. (Read more...) The post Update now! Emergency fix for Google Chrome's V8 JavaScript engine zero-day flaw released appeared first on Malwarebytes Labs.

Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25

Categories: Podcast This week on Lock and Code, we explore why security advisories—which businesses rely on to inform them about security patches—are falling short of their intended goals. (Read more...) The post Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25 appeared first on Malwarebytes Labs.

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

By Habiba Rashid A Barcelona-based company, a spyware vendor named Variston IT, is exploiting flaws under the guise of a custom cybersecurity solutions provider. This is a post from HackRead.com Read the original post: Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018. "Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to