Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

CVE-2022-1875: Chromium: CVE-2022-1875 Inappropriate implementation in PDF

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#pdf#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
Hackers Selling US Colleges VPN Credentials on Russian Forums- FBI

By Waqas The network credentials and VPN access information were mainly acquired through ransomware, spear-phishing, and other cyberattacks. According to… This is a post from HackRead.com Read the original post: Hackers Selling US Colleges VPN Credentials on Russian Forums- FBI

Red Hat Security Advisory 2022-4770-01

Red Hat Security Advisory 2022-4770-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1.

EnemyBot Linux Botnet Now Exploits Web Server, Android and CMS Vulnerabilities

A nascent Linux-based botnet named Enemybot has expanded its capabilities to include recently disclosed security vulnerabilities in its arsenal to target web servers, Android devices, and content management systems (CMS). "The malware is rapidly adopting one-day vulnerabilities as part of its exploitation capabilities," AT&T Alien Labs said in a technical write-up published last week. "Services

GHSA-ph3w-2843-72mx: Stored Cross-site Scripting in gitea

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9 via unfiltered pdfs

CVE-2022-1928: Fix raw endpoint PDF file headers (#19825) · go-gitea/gitea@65e0688

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.

The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand

The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.

Researchers Find New Malware Attacks Targeting Russian Government Entities

An unknown advanced persistent threat (APT) group has been linked to a series of spear-phishing attacks targeting Russian government entities since the onset of the Russo-Ukrainian war in late February 2022. "The campaigns [...] are designed to implant a Remote Access Trojan (RAT) that can be used to surveil the computers it infects, and run commands on them remotely," Malwarebytes said in a

New Attack Shows Weaponized PDF Files Remain a Threat

Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.