Tag
The company plans to alert 1 million Facebook users that their account credentials may have been compromised by malicious software.
Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0.
Categories: Business We've updated our bug bounty program with increased rewards and a new way to submit vulnerabilities (Read more...) The post Malwarebytes' modernized bug bounty program—here's all you need to know appeared first on Malwarebytes Labs.
In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the
Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Android Tags: Qualcomm Tags: WLAN Tags: CVE-2022-25720 Tags: CVE-2022-25718 Tags: CVE-2022-25748 Tags: CVE-2022-20419 Tags: ActivityManager Google has issued patches for 42 vulnerabilities, including four marked critical (Read more...) The post Android vulnerabilities could allow arbitrary code execution appeared first on Malwarebytes Labs.
The infosec conference named after the UK's calling code returned this year with a focus on building a healthy community.
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability if they are running a version prior to 2.35.0. An attacker can exploit this vulnerability by making a victim navigate to a malicious website and guiding them through the OIDC flow, stealing the OAuth authorization code in the process. The authorization code then can be exchanged by the attacker for a token, gaining access to applications accepting that token. Version 2.35.0 has introduced a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.
With 35.6 million downloads the OAuth 2.0 protocol provider has serious downstream attack surface
Ubuntu Security Notice 5660-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Red Hat Security Advisory 2022-6819-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements. Issues addressed include denial of service and deserialization vulnerabilities.