LATEST SECURITY NEWS & COMMENTARY

Google Chrome WebRTC Zero-Day Faces Active Exploitation
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.

North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs
US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.

Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.

Marriott Data Breach Exposes PII, Credit Cards
The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.

HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain
Company says it is making changes to its security controls to prevent malicious insiders from doing the same thing in future; reassures bug hunters their bounties are safe.

Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration
An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.

ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.

18 Zero-Days Exploited So Far in 2022
It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero.

How to Keep EVs From Taking Down the Electrical Grid
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.

Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.

How to Master the Kill Chain Before Your Attackers Do
In the always-changing world of cyberattacks, preparedness is key.

Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data
A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.

NIST Picks 4 Quantum-Resistant Cryptographic Algorithms
The US Department of Commerce's National Institute of Standards and Technology has announced the first group of encryption tools that will become part of its post-quantum cryptographic standard.

Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA