Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-1479: Chromium: CVE-2022-1479 Use after free in ANGLE

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2022-1478: Chromium: CVE-2022-1478 Use after free in SwiftShader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

CVE-2022-1477: Chromium: CVE-2022-1477 Use after free in Vulkan

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 101.0.1210.32 4/28/2022 101.0.4951.41

Explainable AI for Fraud Prevention

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.

Cyberattacks Rage in Ukraine, Support Military Operations

At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user … Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution Read More »

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities. Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that "

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new,