Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-29886: TALOS-2022-1533 || Cisco Talos Intelligence Group

An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE
Open in Source
#vulnerability#windows#microsoft#cisco#intel#buffer_overflow
Threat Roundup for July 29 to August 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 25...

A Ransomware Explosion Fosters Thriving Dark Web Ecosystem

For the right price, threat actors can get just about anything they want to launch a ransomware attack — even without technical skills or any previous experience.

Iranian Hackers likely Behind Disruptive Cyberattacks Against Albanian Government

A threat actor working to further Iranian goals is said to have been behind a set of disruptive cyberattacks against Albanian government services in mid-July 2022. Cybersecurity firm Mandiant said the malicious activity against a NATO state represented a "geographic expansion of Iranian disruptive cyber operations." The July 17 attacks, according to Albania's National Agency of Information

Open Redirect Flaw Snags Amex, Snapchat User Data

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

CVE-2022-2624: Chromium: CVE-2022-2624 Heap buffer overflow in PDF

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 104.0.1293.47 8/5/2022 104.0.5112.79/80/81

CVE-2022-2623: Chromium: CVE-2022-2623 Use after free in Offline

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 104.0.1293.47 8/5/2022 104.0.5112.79/80/81

CVE-2022-2622: Chromium: CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 104.0.1293.47 8/5/2022 104.0.5112.79/80/81

CVE-2022-2621: Chromium: CVE-2022-2621 Use after free in Extensions

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 104.0.1293.47 8/5/2022 104.0.5112.79/80/81

CVE-2022-2619: Chromium: CVE-2022-2619 Insufficient validation of untrusted input in Settings

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 104.0.1293.47 8/5/2022 104.0.5112.79/80/81