Tag
#zero_day
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: through 5.26.119.
By Deeba Ahmed The two groups exploiting the vulnerability are Mango Sandstorm and Mint Sandstorm. Both are linked to the Iranian government and intelligence agencies. This is a post from HackRead.com Read the original post: Microsoft reports two Iranian hacking groups exploiting PaperCut flaw
Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months." Of the 38 vulnerabilities, six are rated Critical and
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: CVE-2023-29336 Tags: CVE-2023-24932 Tags: bootkit Tags: CVE-2023-29325 Tags: Outlook Tags: preview Tags: CVE-2023-24941 Tags: Apple Tags: Cisco Tags: Google Tags: Android Tags: VMWare Tags: SAP Tags: Mozilla Microsoft's Patch Tuesday round up for May 2023 includes patches for three zero-day vulnerabilities and one critical remote code execution vulnerability (Read more...) The post Update now! May 2023 Patch Tuesday tackles three zero-days appeared first on Malwarebytes Labs.
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
One of the vulnerabilities is being actively exploited in the wild, according to Microsoft, the fourth month in a row in which this is the case.
Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant's threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint
The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges