Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Apple Fixed a Serious iOS Security Flaw—Have You Updated Yet?

Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant patch, and more.

Wired
Open in Source
#sql#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#cisco#rce#vmware#nokia#samsung#auth#ibm#zero_day#chrome#webkit
Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users' browsing activity and profit of retail affiliate programs. "The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website," McAfee researchers Oliver Devane and Vallabh Chole

Malicious Chrome Extensions Plague 1.4M Users

Analysts find five cookie-stuffing extensions, including one that's Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments.

Google Expands Bug Bounties to Its Open Source Projects

The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects — with a focus on critical software such as Go and Angular.

Chromium browsers can write to the system clipboard without your permission

Categories: Exploits and vulnerabilities Categories: News Tags: Chrome Tags: Chromium Tags: clipboard Tags: Jeff Johnson Tags: clipboard manager Tags: Google doodles Chromium browsers can write to the system clipboard without user consent or knowledge (Read more...) The post Chromium browsers can write to the system clipboard without your permission appeared first on Malwarebytes Labs.

CVE-2022-38784: Poppler

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

A week in security (August 22 - August 28)

Categories: News Tags: cryptojackers Tags: CISA Tags: Reddit Tags: social engineering Tags: Google Tags: PLex Tags: Hikvision Tags: patch management Tags: ChromeOS Tags: Twitter Tags: Binance Tags: Gitlab Tags: TrickBot Tags: LastPass The important security news of this week (Read more...) The post A week in security (August 22 - August 28) appeared first on Malwarebytes Labs.

CVE-2022-2787: [SECURITY] [DSA 5213-1] schroot security update

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats

The North Korean nation-state group Kimusky has been linked to a new set of malicious activities directed against political and diplomatic entities located in its southern counterpart in early 2022. Russian cybersecurity firm Kaspersky codenamed the cluster GoldDragon, with the infection chains leading to the deployment of Windows malware designed to file lists, user keystrokes, and stored web

CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit

The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.