Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

CVE
#sql#vulnerability#web#mac#windows#apple#google#amazon#linux#apache#memcached#nodejs#js#git#java#oracle#kubernetes#intel#php#c++#ldap#nginx#aws#log4j#graalvm#auth#ssh#dell#zero_day#ruby#docker#asp.net#maven#ssl
CVE-2023-29887: Arbitrary File Read vulnerability – PHP library nuovo/spreadsheet-reader 0.5.11 – HiSolutions Research

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.

APT41 Taps Google Red-Teaming Tool in Targeted Info-Stealing Attacks

China-linked APT41 group targeted a Taiwanese media organization and an Italian job agency with standard, open source penetration test tools, in a change in strategy.

'Goldoson' Malware Sneaks into Google Play Apps, Racks Up 100M Downloads

Malware that can steal data, track location, and perform click fraud was inadvertently built into apps via an infected third-party library, highlighting supply chain risk.

How Zero Trust Can Protect Systems Against Generative AI Agents

Researchers explore a love-hate relationship with AI tools like ChatGPT, which can be used to both attack and defend more efficiently.

Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software library used by the apps in

Spring cleaning tips for your browser

Categories: News Tags: Some tips that can enhance your browser's speed Tags: so you have more time to enjoy the outdoors Some tips that can enhance your browser's speed, so you have more time to enjoy the outdoors. (Read more...) The post Spring cleaning tips for your browser appeared first on Malwarebytes Labs.

Google Issues Emergency Chrome Update for Zero-Day Bug

Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.

American Fuzzy Lop plus plus 4.06c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information stealer that