Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Credit to Author: Katie McCafferty| Date: Tue, 22 Nov 2022 17:00:00 +0000

As vulnerabilities in network components, architecture files, and developer tools have become an increasingly popular attack vector to leverage access into secure networks and devices, Microsoft identified such a vulnerable component and found evidence of a supply chain risk that might affect millions of organizations and devices.

The post Vulnerable SDK components lead to supply chain risks in IoT and OT environments appeared first on Microsoft Security Blog.

Read more

Critical OpenSSL fix due Nov 1—what you need to know

Categories: News

Tags: fix

Tags: bug

Tags: vulnerability

Tags: exploit

Tags: attack

Tags: patch

Tags: update

Tags: OpenSSL

Tags: v3

Tags: v1

Tags: 3.0.5.

Version 3.0.7 of OpenSSL will fix the software’s first critical issue for six years.

(Read more…)

The post Critical OpenSSL fix due Nov 1—what you need to know appeared first on Malwarebytes Labs.

Read more

WPGateway WordPress plugin vulnerability could allow full site takeover

Categories: News

Tags: WPGateway

Tags: WordPress

Tags: plugin

Tags: vulnerability

Tags: CVE

We take a look at a vulnerability being exploited in the wild related to the WPGateway WordPress plugin.

(Read more…)

The post WPGateway WordPress plugin vulnerability could allow full site takeover appeared first on Malwarebytes Labs.

Read more

BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Categories: News

Tags: BackupBuddy

Tags: WordPress

Tags: vulnerability

Tags: exploit

Tags: hack

Tags: compromise

Tags: update

We take a look at a vulnerability in popular WordPress plugin BackupBuddy, and the steps you need to take to fix it.

(Read more…)

The post BackupBuddy WordPress plugin vulnerable to exploitation, update now! appeared first on Malwarebytes Labs.

Read more

TikTok vulnerability could have allowed hijackers to take over accounts

Categories: News

Tags: Exploit

Tags: vulnerability

Tags: Tik-Tok

Tags: Microsoft

Tags: JavaScript

We take a look at a TikTok exploit discovered by Microsoft and passed on to the social media giant to have fixed.

(Read more…)

The post TikTok vulnerability could have allowed hijackers to take over accounts appeared first on Malwarebytes Labs.

Read more

Vulnerability in TikTok Android app could lead to one-click account hijacking

Credit to Author: Katie McCafferty| Date: Wed, 31 Aug 2022 16:00:00 +0000

Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users’ accounts with a single click.

The post Vulnerability in TikTok Android app could lead to one-click account hijacking appeared first on Microsoft Security Blog.

Read more

ChromeOS vulnerability found by Microsoft

Categories: News

Tags: Microsoft

Tags: ChromeOS

Tags: Chrome

Tags: Google

Tags: audio

Tags: bluetooth

Tags: exploit

Tags: vulnerability

Microsoft has released a report detailing a ChromeOS vulnerability reported to Chrome and fixed within a week.

(Read more…)

The post ChromeOS vulnerability found by Microsoft appeared first on Malwarebytes Labs.

Read more