Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems

Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program were used to sign malware. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is

The Hacker News
Open in Source
#android#mac#windows#google#microsoft#git#intel#samsung#The Hacker News
December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

CVE-2022-4440: Stable Channel Update for Desktop

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-4439

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

Google Launches Scanner to Uncover Open Source Vulnerabilities

OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.

Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware

The company has taken measures to mitigate the risks, but security researchers warn of a broader threat.

Google Launches Largest Distributed Database of Open Source Vulnerabilities

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared