Exploits and vulnerabilities

MalwareBytesSecurity

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth

Categories: Android

Categories: Exploits and vulnerabilities

Categories: News

Google has issued its December round of patches, which includes a fix for a critical vulnerability that allows RCE over Bluetooth

(Read more…)

The post Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Update now! Emergency fix for Google Chrome’s V8 JavaScript engine zero-day flaw released

Categories: Exploits and vulnerabilities

Categories: News

Tags: V8

Tags: V8 JavaScript Engine

Tags: Google Chrome

Tags: Chrome

Tags: CVE-2022-4262

Tags: 108.0.5359.94

Tags: 108.0.5359.95

Tags: Chrome V8 flaw

Tags: type confusion

Google has rolled out an out-of-band patch for an actively exploited zero-day vulnerability in its V8 JavaScript engine. Make sure you’re using the latest version.

(Read more…)

The post Update now! Emergency fix for Google Chrome’s V8 JavaScript engine zero-day flaw released appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Fake Proof-of-Concepts used to lure security professionals

Categories: Exploits and vulnerabilities

Categories: News

Tags: PoC

Tags: PoCs

Tags: Leiden

Tags: GitHub

Tags: VirusTotal

Tags: AbuseIPDB

Researchers from Leiden University analyzed many thousands of Proof-of-Concepts and found that 10 percent of those they found on GitHub are malicious

(Read more…)

The post Fake Proof-of-Concepts used to lure security professionals appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Cisco warns of ISE vulnerability with no fixed release or workaround

Categories: Exploits and vulnerabilities

Categories: News

Tags: Cisco

Tags: Identity Services Engine

Tags: AnyConnect VPN server

Tags: CVE-2022-20822

Tags: CVE-2022-20959

Tags: CVE-2022-20933

Tags: input validation

Cisco’s latest security advisory includes a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an attacker to read and delete files.

(Read more…)

The post Cisco warns of ISE vulnerability with no fixed release or workaround appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Why Log4Text is not another Log4Shell

Categories: Exploits and vulnerabilities

Categories: News

Tags: Log4Text

Tags: Apache

Tags: Commons Text

Tags: CVE-2022-42889

Tags: Log4j

Tags: Log4Shell

Tags: interpolators

Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee jerk reaction because it reminds us of Log4Shell. So should we worry?

(Read more…)

The post Why Log4Text is not another Log4Shell appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Chinese APT’s favorite vulnerabilities revealed

Categories: Exploits and vulnerabilities

Categories: News

Tags: Chinese APT

Tags: advanced persistent threat

Tags: APT

Tags: CISA

Tags: NSA

Tags: FBI

Tags: security advisory

CISA, the NSA and the FBI have compiled a list of the vulnerabilities targeted by state-sponsorted threat actors from China.

(Read more…)

The post Chinese APT’s favorite vulnerabilities revealed appeared first on Malwarebytes Labs.

Read More
MalwareBytesSecurity

Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected

Categories: Exploits and vulnerabilities

Categories: News

Tags: Microsoft

Tags: Apple

Tags: Google

Tags: Android

Tags: Samsung

Tags: Xiaomi

Tags: Adobe

Tags: SAP

Tags: VMWare

Tags: Fortinet

Tags: CVE-2022-41033

Tags: CVE-2022-41040

Tags: zero-day

No fix for ProxyNotShell

(Read more…)

The post Update now! October patch Tuesday fixes actively used zero-day…but not the one you expected appeared first on Malwarebytes Labs.

Read More