Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on […]
A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security […]
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. “The vulnerability is found in the Dev UI Config Editor, which […]
Oracle Access Manager (OAM) contains a pre-authentication RCE vulnerability (CVE-2021-35587) that was fixed in January 2022. However, the vulnerability is still being exploited by adversaries in the wild, as confirmed by the Cybersecurity and Infrastructure Security Agency, which added the vulnerability to its Catalog. CVE-2021-35587 has been added to the Known Exploited Vulnerabilities Catalog by CISA, […]
The security researchers at ESET found a new high-risk vulnerability in the UEFI firmware of Acer computers. Because to a security flaw that affects numerous types of Acer laptops, an adversary may be able to deactivate the Secure Boot function, allowing them to circumvent security measures and install malicious software. When the Secure Boot feature […]
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn’t have permission to perform an action can coerce a more-privileged entity to […]
Google sent out emergency patches for its Chrome web browser on Thursday to fix a security hole that the company says is being used in the wild.Google called the high-risk bug a GPU heap buffer overflow and gave it the number CVE-2022-4135. On November 22, 2022, Clement Lecigne of Google’s Threat Analysis Group is said […]
Redhat has just just published a risk advisory about a vulnerability in the Linux Kernel that allows for local privilege escalation. This vulnerability is tracked as CVE-2022-3910 (CVSS score: 7.4). This vulnerability is referred to be a use-after-free problem, and it can be found in io uring on the Update of Reference Count. io uring […]
Credit: Marina Minkin A novel attack method has been disclosed against a crucial piece of technology called time-triggered ethernet (TTE) that’s used in safety-critical infrastructure, potentially causing the failure of systems powering spacecraft and aircraft. Dubbed PCspooF by a group of academics and researchers from the University of Michigan, the University of Pennsylvania, and the […]
The local privilege escalation vulnerability in the Linux Kernel was reported by Redhat, and its CVE code is 2022-3977. The problem is that the most recent Linux kernel upstream contains a use-after-free vulnerability called mctp sk unhash that may be exploited to elevate privileges to root. When a program tries to utilize memory that has […]
The research team at cyber security company has identified a flaw that makes it possible to hack video entrance systems with an NFC tag. Promon researchers found that attackers can conduct an attack on the entry system to get the admin passcode using a mobile device with NFC capabilities. Once the passcode has been discovered, […]
A flaw in the Galaxy Store enables remote adversaries to trigger the installation and/or start of an application, resulting in the execution of a remote command on the Samsung phone.Some deeplinks are handled by the Galaxy Store application. You can use a browser or another program to call Deeplink. When Galaxy Store receives appropriate deeplinks, […]
The Windows Common Log File System (CLFS) Driver has an elevation of privilege vulnerability identified as CVE-2022-37969 (CVSS score: 7.8). For reporting this vulnerability, Microsoft gave credit to Quan Jin of DBAPPSecurity, Genwei Jiang with Mandiant, FLARE OTF, CrowdStrike, and Zscaler ThreatLabz. Software clients can make advantage of the general-purpose logging service known as the […]
An open-source project called OpenSSL is used to protect communications all across the world and offers simple cryptographic functionality. Simply put, OpenSSL powers the internet. OpenSSL has a number of flaws, but the two that are most well-known are the Heartbleed bug (CVE-2014-0160) and the OpenSSL 1.1.0a vulnerability (CVE-2016-6309). OpenSSL 3.0.7 update to fix Critical […]
Jira Align is a software-as-a-service (SaaS) platform that enables businesses to grow their cloud installations of the wildly popular bug tracking and project management tool Atlassian Jira. A high severity (CVSS 8.8) authorization controls issue was discovered by a Bishop Fox security researcher. It enables users with the ‘people’ permission to raise their privilege, or […]
Nearly everything uses SQLite, including cellphones, other computer languages, and battleships in the navy. There has a long history of the open-source database engine being particularly secure. Because of its extremely lenient license and portable, cross-platform nature, SQLite is the most extensively used database engine. It is built in C and may be converted into […]
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been […]
Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The weakness, given the identifier CVE-2022-42827, has been described as an out-of-bounds write issue in the Kernel, which could be abused by a rogue application to execute arbitrary […]
The OverlayFS file system implementation in the Linux kernel is where the vulnerability, CVE-2021-3493, exist. Although it only seems to impact Ubuntu, it allows a local user without administrative rights to get root access. The vulnerability is now included in CISA’s “Known Exploited Vulnerabilities Catalog,” and government entities have until November 10 to fix their […]
A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. “The attacker intends to utilize a victim’s resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency,” Fortinet FortiGuard Labs researcher Cara […]
WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 […]