Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card.  NVIDIA graphics... [[ This is only the beginning! Please visit the blog for the complete entry ]]

TALOS
Open in Source
#vulnerability#mac#cisco#perl
Long lost @ symbol gets new life obscuring malicious URLs

A little-used feature of web addresses is being used to obfuscate malicious phishing URLs. The post Long lost @ symbol gets new life obscuring malicious URLs appeared first on Malwarebytes Labs.

Bitdefender Launches Identity Theft Protection Service for U.S. Consumers

New offering provides credit and financial monitoring along with identity protection and restoration.

UpdateAgent Returns with New macOS Malware Dropper Written in Swift

A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its various payloads and perform its infection status updates to the server," researchers from Jamf Threat

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners

Microsoft is warning of a new variant of the srv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers. The cryptojacking botnet first emerged in December 2020. "Sysrv-K scans the

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information.  "Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong said in a

CVE-2022-1679: [PATCH v3 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2022-30523: Security Bulletin: Trend Micro Password Manager Link Following Privilege Escalation Vulnerability

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.