Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in

The Hacker News
Open in Source
#web#mac#windows#apple#google#intel#pdf#chrome#The Hacker News
How to Choose the Best Analytics Tools for Mobile Apps

The app market is saturated with over 7 million apps across major stores. Analytics mobile apps have become…

What I’ve learned in my first 7-ish years in cybersecurity

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.

GHSA-crmj-qh74-2r36: Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder

### Impact A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are _not_ affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. ### Patches The bug is fixed in version v0.28.2. ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. ### Credit This bug was found by [OSS-Fuzz](https://github.com/google/oss-fuzz).

GHSA-g9xm-7538-mq8w: Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder

### Impact An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are _not_ affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. ### Patches The bug is fixed in version v0.28.2. ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. ### Credit This bug was found by [OSS-Fuzz](https://github.com/google/oss-fuzz).

ClickFix Attack: Fake Google Meet Alerts Install Malware on Windows, macOS

Protect yourself from the ClickFix attack! Learn how cybercriminals are using fake Google Meet pages to trick users…

Is a CPO Still a CPO? The Evolving Role of Privacy Leadership

Has the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle?

ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or probe internal or external systems, leading to internal information disclosure and misuse of network resources.

Ubuntu Security Notice USN-7073-1

Ubuntu Security Notice 7073-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.