Tag
#windows
On windows, `atty` dereferences a potentially unaligned pointer. In practice however, the pointer won't be unaligned unless a custom global allocator is used. In particular, the `System` allocator on windows uses `HeapAlloc`, which guarantees a large enough alignment. # atty is Unmaintained A Pull Request with a fix has been provided over a year ago but the maintainer seems to be unreachable. Last release of `atty` was almost 3 years ago. ## Possible Alternative(s) The below list has not been vetted in any way and may or may not contain alternatives; - [is-terminal](https://crates.io/crates/is-terminal) - std::io::IsTerminal *nightly-only experimental*
The number of malware samples is up as attackers aim to compromise users where they work and play: Their smartphones.
Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.
Categories: Business #1 in Endpoint Protection, #1 ROI for Endpoint Management, #1 for EDR implementation. (Read more...) The post Top contenders in Endpoint Security revealed: G2 Summer 2023 results appeared first on Malwarebytes Labs.
A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data from infected hosts. Fortinet FortiGuard Labs, which made the discovery, said it found the malware in an executable that masqueraded as a PDF file with a Russian name "CMK Правила оформления больничных листов.pdf.exe," which translates to "CMK
A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.