Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: iOS 16.1.2 Tags: Safari 16.2 Tags: CVE-2022-42856 Tags: type confusion Apple has released new security content for iOS 16.1.2 and Safari 16.2. to fix a zero-day security vulnerability that was actively exploited |
The post Update now! Apple patches active exploit vulnerability for iPhones appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed |
The post Update now! Two zero-days fixed in 2022’s last patch Tuesday appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: NetGear Tags: Nighthawk Tags: remote Tags: ports Tags: IPv6 NetGear has issued a hotfix that has to be installed manually, after researchers found a vulnerability that could allow remote attacks. |
The post Update now! NetGear routers’ default configuration allows remote attacks appeared first on Malwarebytes Labs.
Read moreCategories: Android Categories: Exploits and vulnerabilities Categories: News Google has issued its December round of patches, which includes a fix for a critical vulnerability that allows RCE over Bluetooth |
The post Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: V8 Tags: V8 JavaScript Engine Tags: Google Chrome Tags: Chrome Tags: CVE-2022-4262 Tags: 108.0.5359.94 Tags: 108.0.5359.95 Tags: Chrome V8 flaw Tags: type confusion Google has rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. Make sure you’re using the latest version. |
The post Update now! Emergency fix for Google Chrome’s V8 JavaScript engine zero-day flaw released appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Google has issued an update for Chrome to fix an issue in the V8 JavaScript engine |
The post A Chrome fix for an in-the-wild exploit is out—Check your version appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: PoC Tags: PoCs Tags: Leiden Tags: GitHub Tags: VirusTotal Tags: AbuseIPDB Researchers from Leiden University analyzed many thousands of Proof-of-Concepts and found that 10 percent of those they found on GitHub are malicious |
The post Fake Proof-of-Concepts used to lure security professionals appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Cisco Tags: Identity Services Engine Tags: AnyConnect VPN server Tags: CVE-2022-20822 Tags: CVE-2022-20959 Tags: CVE-2022-20933 Tags: input validation Cisco’s latest security advisory includes a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an attacker to read and delete files. |
The post Cisco warns of ISE vulnerability with no fixed release or workaround appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Log4Text Tags: Apache Tags: Commons Text Tags: CVE-2022-42889 Tags: Log4j Tags: Log4Shell Tags: interpolators Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee jerk reaction because it reminds us of Log4Shell. So should we worry? |
The post Why Log4Text is not another Log4Shell appeared first on Malwarebytes Labs.
Read moreCategories: Exploits and vulnerabilities Categories: News Tags: Chinese APT Tags: advanced persistent threat Tags: APT Tags: CISA Tags: NSA Tags: FBI Tags: security advisory CISA, the NSA and the FBI have compiled a list of the vulnerabilities targeted by state-sponsorted threat actors from China. |
The post Chinese APT’s favorite vulnerabilities revealed appeared first on Malwarebytes Labs.
Read more