Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Twitter data breach affects 5.4M users

Categories: Privacy Twitter has confirmed a data breach on July 2. (Read more...) The post Twitter data breach affects 5.4M users appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#auth#zero_day
Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts

Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform. "As a result of the vulnerability, if someone submitted an email address or phone number to Twitter's systems, Twitter's systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any,"

CVE-2022-37431: Fortiguard

A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false.

Deep Instinct Pioneers Deep-Learning Malware Prevention to Protect Mission-Critical Business Applications at Scale

Agentless approach meets the attacker earlier to protect financial services and other large enterprises from an underserved attack vector.

Zero-Day Defense: Tips for Defusing the Threat

Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.

CVE-2022-35867: ZDI-22-949

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.

Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory

‘We believe that announcing vulnerabilities without a fix is the best solution for a difficult problem’

Apple Just Patched 37 iPhone Security Bugs

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

CVE-2022-35234: Security Bulletin: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine.

CVE-2022-33158: Security Bulletin: Trend Micro VPN Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system.