#chrome

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Categories: News Tags: cryptojackers Tags: CISA Tags: Reddit Tags: social engineering Tags: Google Tags: PLex Tags: Hikvision Tags: patch management Tags: ChromeOS Tags: Twitter Tags: Binance Tags: Gitlab Tags: TrickBot Tags: LastPass The important security news of this week (Read more...) The post A week in security (August 22 - August 28) appeared first on Malwarebytes Labs.

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

The North Korean nation-state group Kimusky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to file lists, user keystrokes, and stored web

The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.

Three of the world's leading browsers were measured for phishing and malware protection, with time to block and protection over time as key metrics in test scores.

WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week

Categories: News Tags: Microsoft Tags: ChromeOS Tags: Chrome Tags: Google Tags: audio Tags: bluetooth Tags: exploit Tags: vulnerability Microsoft has released a report detailing a ChromeOS vulnerability reported to Chrome and fixed within a week. (Read more...) The post ChromeOS vulnerability found by Microsoft appeared first on Malwarebytes Labs.

WordPress Duplicator plugin version 1.4.7.2 suffers from a backup disclosure vulnerability.

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers