
Tag

#windows

What’s the smallest variety of CHERI?

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to scale the key ideas from CHERI down to tiny cores on the scale of the cheapest microcontrollers. These cores are very different from the desktop and server-class processors that have been the focus of the Morello project.

msrc-blog
Zero-day puts a dent in Chrome's mojo

Categories: Exploits and vulnerabilities, News. The Google Chrome Team recently issued a fix for the CVE-2022-3075 zero-day. First published on Malwarebytes Labs.

CVE-2022-39838: GitHub - jet-pentest/CVE-2022-39838

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse version 3.6.0.4 suffers from a remote code execution vulnerability.

CVE-2022-3122: webray.com.cn/cpmssql.md at main · joinia/webray.com.cn

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.

Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

A vulnerable anti-cheat driver for the Genshin Impact video game has been leveraged by a cybercrime actor to disable antivirus programs to facilitate the deployment of ransomware, according to findings from Trend Micro. The ransomware infection, which was triggered in the last week of July 2022, banked on the fact that the driver in question ("mhyprot2.sys") is signed with a valid certificate,

A week in security (August 29 - September 4)

Categories: News. The most important and interesting computer security stories from the last week. First published on Malwarebytes Labs.

Police Across US Bypass Warrants With Mass Location-Tracking Tool

Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.

Google Release Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of runtime libraries that provide a platform-agnostic mechanism for inter-process communication (IPC). An

CVE-2022-36754: 0724/sql.md at main · mikeccltt/0724

Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p.