Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-31689: VMSA-2022-0028

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token.

CVE
Open in Source
#xss#vulnerability#android#mac#windows#linux#java#vmware#auth
Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

CVE-2022-32588: TALOS-2022-1544 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Cloud9 Malware Offers a Paradise of Cyberattack Methods

The Swiss Army knife-like browser extension is heaven for attackers — and can be hell for enterprise users.

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.

Twitter’s Unpredictable Path Under Elon Musk

By Habiba Rashid Hints of the impending doom that was inevitable with Elon Musk’s $44 billion acquisition of Twitter began to… This is a post from HackRead.com Read the original post: Twitter’s Unpredictable Path Under Elon Musk

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks. "Multiple malware families are currently being hosted within IPFS and retrieved during the initial stages of malware attacks," Cisco Talos researcher Edmund Brumaghin said in an analysis shared with The Hacker News.

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks. IPFS is often used for legitimate

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject