Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA

Proof-of-concept (Poc) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) reported to Microsoft last year. Tracked as CVE-2022-34689 (CVSS score: 7.5), the spoofing vulnerability was addressed by the tech giant as part of Patch Tuesday updates released in

The Hacker News
#vulnerability#web#windows#google#microsoft#git#auth#chrome#sap#The Hacker News
CVE-2023-0474: Chromium: CVE-2023-0474 Use after free in GuestView

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2023-0473: Chromium: CVE-2023-0473: Type Confusion in ServiceWorker

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2023-0472: Chromium: CVE-2023-0472 Use after free in WebRTC

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2023-0471: Chromium: CVE-2023-0471 Use after free in WebTransport

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 109.0.1343.27 109.0.5414.119/.120 1/26/2023 Extended Stable 108.0.1293.81 108.0.5359.215 1/26/2023

Google Pushes Privacy to the Limit in Updated Terms of Service

In the Play Store's ToS, a paragraph says Google may remove "harmful" applications from users' devices. Is that a step too far?

Multicloud Security Challenges Will Persist in 2023

Some predictions about impending security challenges, with a few tips for proactively addressing them.

Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017. According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named "track[.]violetlovelines[.]com" that's designed to redirect visitors to unwanted sites. The latest operation is

Consumer privacy and social media

Categories: News Categories: Privacy Tags: Social media Tags: privacy Tags: policies Tags: fines Tags: legislation Tags: scraping Tags: advertising Social media platforms are making a lot of money with targeted advertising. To improve the targeting, they want us much of your data as you are willing to give up... (Read more...) The post Consumer privacy and social media appeared first on Malwarebytes Labs.

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.”