Security

Tag

#google

CVE-2021-4028: LKML: Greg Kroah-Hartman: [PATCH 5.10 22/93] RDMA/cma: Do not change route.addr.src_addr.ss_family

A flaw in the Linux kernel's implementation of the RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Acronis' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023

Increasing complexity in IT continues to lead to breaches and compromises, highlighting the need for more holistic approaches to cyber protection.

CyberRatings.org Announces New Web Browser Test Results for 2022

Three of the world's leading browsers were measured for phishing and malware protection, with time to block and protection over time as key metrics in test scores.

Twitter security under scrutiny after former executive turns whistleblower

Former Twitter head of security and ethical hacker Peiter Mudge Zatko has alleged some serious problems about the social media giant. (Source: Malwarebytes Labs)

ChromeOS vulnerability found by Microsoft

Microsoft has released a report detailing a ChromeOS vulnerability reported to Chrome and fixed within a week. (Source: Malwarebytes Labs)

Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users

The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organizations which use [Google Workspace]," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu

The Most Damning Allegation in the Twitter Whistleblower’s Report

Peiter “Mudge” Zatko’s claims about the company’s lax security are all bad. But one clearly captures the extent of systemic issues.

CVE-2020-35511: pngcheck Home Page

A global buffer overflow was discovered in the pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted PNG file.

CVE-2022-34658: Download Manager

Multiple authenticated (contributor+) persistent cross-site scripting (XSS) vulnerabilities in the W3 Eden Download Manager plugin <= 3.2.48 for WordPress.

CVE-2022-36282: Search Exclude

Authenticated (editor+) stored cross-site scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 for WordPress.