Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Debian Security Advisory 5345-1

Debian Linux Security Advisory 5345-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Packet Storm
Open in Source
#linux#debian#dos#chrome
Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation. "The threat actor

CVE-2023-23374: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

CVE-2023-21794: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2022-45527: IMS has an arbitrary file upload vulnerability · Issue #2 · Future-Depth/IMS

File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.

CVE-2022-45526: IMS has SQL injection vulnerability · Issue #1 · Future-Depth/IMS

SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.

Stalkerware-type app developers fined by NY Attorney General

Categories: News Tags: stalkerware Tags: mobile Tags: device Tags: NYAG Tags: monitoring Tags: New York Tags: app Tags: developer We take a look at news that the NYAG has penalised developers of stalkerware-type apps, and the ramifications for those developers further down the line. (Read more...) The post Stalkerware-type app developers fined by NY Attorney General appeared first on Malwarebytes Labs.

CVE-2022-47419: Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system.

CVE-2023-0705: Stable Channel Update for Desktop

Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS

Categories: Business See how our new offering Malwarebytes Security for Business helps you crush mobile malware and phishing attacks. (Read more...) The post Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS appeared first on Malwarebytes Labs.