634 matches found
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
Type confusion
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
CVE-2019-17026 describes a type-confusion vulnerability in the IonMonkey JIT used by Mozilla products. The issue stems from incorrect alias information when storing array elements, enabling a type confusion that could be exploited for arbitrary code execution. Affected products include Firefox ES...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1. Recent assessments: gwillcox-r7 a...
Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing
Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly doubl...
Our Experiences Participating in Microsoft’s Azure Sphere Bounty Program | McAfee Blogs
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...
Amazon Linux 2 : thunderbird (ALAS-2020-1393)
The version of thunderbird installed on the remote host is prior to 68.4.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1393 advisory. When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace...
CSI Evidence Indicators for Targeted Ransomware Attacks
ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · Febraury 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Lockard’s...
CSI Evidence Indicators for Targeted Ransomware Attacks
ARCHIVED STORY CSI: Evidence Indicators for Targeted Ransomware Attacks – Part I By Trellix · Febraury 12, 2020 For many years now I have been working and teaching in the field of digital forensics, malware analysis and threat intelligence. During one of the classes we always talk about Lockard’s...
Important: thunderbird
Issue Overview: When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR tag from the clipboard into...
CamuBot Banking Trojan Returns In Targeted Attacks
The CamuBot malware, known for targeting Brazilian bank customers, has returned in a slew of recent offensives. The latest wave of attacks are highly personalized and, unlike previous campaigns, target victims’ mobile banking apps as an extra step to evade detection when making fraudulent...
Nuri: HTML injection in email content
Summary: Hi, I just found an issue when register account in https://app.bitwala.com/onboarding/preliminary. It allow hacker injection malicious text include html code in email content. Steps To Reproduce: Make request register below with payload html in ==firstName== and ==lastName== parameter:...
Zoom Fixed Flaw Opening Meetings to Hackers
NEW ORLEANS – Enterprise video conferencing firm Zoom has issued a bevy of security fixes after researchers said the company’s platform used weak authentication that made it possible for adversaries to join active meetings. The issue stems from Zoom’s conference meetings not requiring a “meeting...
Microsoft Zero-Day Actively Exploited, Patch Forthcoming
An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug CVE-2020-0674 which is listed as critical in severity for IE 11, and moderate for IE...
Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks
Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer IE browser that attackers are actively exploiting in the wild — and there is no patch ye...