Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Update now! Two zero-days fixed in 2022's last patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed (Read more...) The post Update now! Two zero-days fixed in 2022's last patch Tuesday appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#web#ios#android#windows#apple#google#microsoft#cisco#rce#vmware#auth#zero_day#firefox#sap#ssl
Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems

Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program were used to sign malware. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

CVE-2022-4439

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)

CVE-2022-4440: Stable Channel Update for Desktop

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

Google Launches Scanner to Uncover Open Source Vulnerabilities

OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.

Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware

The company has taken measures to mitigate the risks, but security researchers warn of a broader threat.