New macOS vulnerability, “powerdir,” could lead to unauthorized user data access

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 10 Jan 2022 17:00:00 +0000

A new macOS vulnerability, “powerdir,” could allow an attacker to bypass the operating system’s TCC technology and gain unauthorized access to a user’s protected data. We shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) and Apple released a fix.

The post New macOS vulnerability, “powerdir,” could lead to unauthorized user data access appeared first on Microsoft Security Blog.

Read more

CVE-2021-44228: New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild

Credit to Author: Quickheal| Date: Wed, 15 Dec 2021 10:34:59 +0000

A critical zero-day vulnerability (CVE-2021-44228) recently discovered Apache Log4J, the popular java open source logging library used in…

The post CVE-2021-44228: New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Read more

Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection

Credit to Author: Eric Avena| Date: Thu, 28 Oct 2021 16:00:13 +0000

Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. We shared our findings with Apple via coordinated vulnerability disclosure, and a fix was released October 26.

The post Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection appeared first on Microsoft Security Blog.

Read more

MSHTML attack targets Russian state rocket centre and interior ministry

Credit to Author: Malwarebytes Labs| Date: Wed, 22 Sep 2021 19:16:56 +0000

Someone is trying to use CVE-2021-40444 against valuable Russian targets.

Categories: Reports

Tags:

(Read more…)

The post MSHTML attack targets Russian state rocket centre and interior ministry appeared first on Malwarebytes Labs.

Read more

A week in security (Sept 13 – Sept 19)

Credit to Author: Malwarebytes Labs| Date: Mon, 20 Sep 2021 10:28:09 +0000

A round up of the previous week’s blogs and most interesting and relevant security events, hacks, and information.

Categories: A week in security

Tags:

(Read more…)

The post A week in security (Sept 13 – Sept 19) appeared first on Malwarebytes Labs.

Read more

Realtek-based routers, smart devices are being gobbled up by a voracious botnet

Credit to Author: Pieter Arntz| Date: Tue, 24 Aug 2021 13:36:52 +0000

Yet again, recently disclosed vulnerabilities in smart devices are being exploited quickly to expand the Mirai botnet.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post Realtek-based routers, smart devices are being gobbled up by a voracious botnet appeared first on Malwarebytes Labs.

Read more

ProxyShell vulnerabilities in Microsoft Exchange: What to do

Credit to Author: Greg Iddon| Date: Mon, 23 Aug 2021 18:00:22 +0000

Last updated 2021-08-23 UTC 18:10 Overview Threat actors are actively scanning and exploiting vulnerable Microsoft Exchange servers that have not applied security patches released earlier this year. ProxyShell, the name given to a collection of vulnerabilities for Microsoft Exchange servers, enables an actor to bypass authentication and execute code as a privileged user. ProxyShell comprises [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/3OJ3pFWvR1M” height=”1″ width=”1″ alt=””/>

Read more

Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15

Credit to Author: Malwarebytes Labs| Date: Mon, 16 Aug 2021 15:07:58 +0000

On Lock and Code this week, we speak with Luta Security CEO and founder Katie Moussouris about how she hacked Clubhouse.

Categories: Podcast

Tags:

(Read more…)

The post Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15 appeared first on Malwarebytes Labs.

Read more