Tag
A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.
A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.
Categories: Exploits and vulnerabilities Categories: News Tags: Discord Tags: Spotify Tags: MicrosoftTeams Tags: Electron Tags: ElectronJS Tags: NodeJS Tags: V8 Chrome Tags: Log4Shell Tags: Log4j A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, and many others (Read more...) The post Researchers found one-click exploits in Discord and Teams appeared first on Malwarebytes Labs.
In her keynote address at Black Hat USA 2022, Kim Zetter gives a scathing rebuke of Colonial Pipeline for not foreseeing the attack.
Up-and-coming companies shoot their shot in a new feature introduced at the 25th annual cybersecurity conference.
The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.
Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up.
Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.
The Rust Security Response WG and the crates.io team [were notified][1] on 2022-05-02 of the existence of the malicious crate `rustdecimal`, which contained malware. The crate name was intentionally similar to the name of the popular [`rust_decimal`][2] crate, hoping that potential victims would misspell its name (an attack called "typosquatting"). To protect the security of the ecosystem, the crates.io team permanently removed the crate from the registry as soon as it was made aware of the malware. An analysis of all the crates on crates.io was also performed, and no other crate with similar code patterns was found. Keep in mind that the [`rust_decimal`][2] crate was **not** compromised, and it is still safe to use. ## Analysis of the crate The crate had less than 500 downloads since its first release on 2022-03-25, and no crates on the crates.io registry depended on it. The crate contained identical source code and functionality as the legit `rust_decimal` crate, except for the ...
Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.