Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-0129: Chromium:CVE-2023-0129: Heap buffer overflow in Network Service

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Microsoft Security Response Center
Open in Source
#vulnerability#web#google#microsoft#buffer_overflow#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
Threat Source newsletter (Jan. 12, 2023): Did ChatGPT write our newsletter?

We tried to get ChatGPT to write this week’s newsletter but it was at capacity, so you’ll have to stick with us for another week. Or maybe that’s just what the robots want you to think, you be the judge

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in

Hacker Space Rogue to Release Book on Hacking Group L0pht Heavy Industries in February

Space Rogue gives a behind the scenes look at the famous hacking group, their senate testimony, and how their legacy continues to shape the security of the online world today.

CVE-2023-21796: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

CVE-2023-21775: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

WhatsApp lawsuit against NSO Group greenlit by Supreme Court

Categories: News Tags: Pegasus Tags: spyware Tags: Pegasus spyware Tags: NSO Group Tags: NSO Tags: Apple Tags: WhatsApp Tags: Meta Tags: Foreign Sovereign Immunity Act The US Supreme Court essentially gave Meta’s WhatsApp the go ahead to pursue their case against Pegasus’s NSO Group. (Read more...) The post WhatsApp lawsuit against NSO Group greenlit by Supreme Court appeared first on Malwarebytes Labs.

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: CVE-2023-21674 Tags: APLC Tags: CVE-2023-21743 Tags: Sharepoint Tags: CVE-2023-21563 Tags: BitLocker The second Tuesday of the year brings us many updates, including one for an actively exploited vulnerability that could lead to elevation of privileges (Read more...) The post Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability appeared first on Malwarebytes Labs.