Tag
#mac
Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
A maliciously crafted TIF, PICT, TGA, or RLC file may force the Autodesk Image Processing component to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC file. This vulnerability may be exploited to execute arbitrary code.
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks the MAC address of the connected Bluetooth device.
Ubuntu Security Notice 5661-1 - It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. It was discovered that LibreOffice incorrectly handled encrypting the master key provided by the user for storing passwords for web connections. A local attacker could possibly use this issue to obtain access to passwords stored in the user's configuration data.
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable memory corruption vulnerability in Hancom Office 2020. Hancom Office is a popular software collection among South Korean users that offers similar products to Microsoft Office, such as word processing and spreadsheet creation and management. TALOS-2022-1574 (CVE-2022-33896) exists in the way the Hword word processing software processes XML files. An attacker could exploit this vulnerability by tricking the user into opening a specially crafted file, triggering a memory corruption error on the software and potentially leading to remote code execution on the targeted machine. Cisco Talos worked with Hancom to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy. Users are encouraged to update these affected products as soon as possible: Hancom Offic...
Today, the processing of mountain-high stacks of alarms is considered "security." That system is failing customers and the cybersecurity workforce.
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with
The company plans to alert 1 million Facebook users that their account credentials may have been compromised by malicious software.
Blockchain investigators have uncovered at least $4 million—and counting—in cryptocurrency fundraising that has reached Russia's violent militia groups.
Malwarebytes' modernized bug bounty program—here's all you need to know: We've updated our bug bounty program with increased rewards and a new way to submit vulnerabilities.