#windows

Categories: News Tags: chrome Tags: browser Tags: update Tags: vulnerability Tags: CVE Tags: exploit Tags: exploitation Tags: zero-day Users of Chrome should ensure they're running the latest version to patch an integer overflow in the Skia graphics library. (Read more...) The post Update now, there's a Chrome zero-day in the wild appeared first on Malwarebytes Labs.

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.

Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=.

Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.

Overcoming the limitations of consumer MFA with a new flavor of passwordless.

Chitor-CMS version 1.1.2 suffers from a remote SQL injection vulnerability.

ProjeQtOr Project Management System version 10.3.2 suffers from a remote shell upload vulnerability.

Piwigo version 13.6.0 suffers from a persistent cross site scripting vulnerability.

Lilac-Reloaded for Nagios version 2.0.l8 remote code execution exploit.