CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Experts Uncover New 'CosmicStrand' UEFI Firmware Rootkit Used by Chinese Hackers

An unknown Chinese-speaking threat actor has been attributed to a new kind of sophisticated Unified Extensible Firmware Interface UEFI firmware rootkit called CosmicStrand. "The rootkit is located in the firmware images of Gigabyte or ASUS motherboards, and we noticed that all these images are...

CVE-2022-1313

CVE-2022-1313 describes a use-after-free in Chromium-based browsers (Chrome/Chromium) related to tab groups, leading to potential heap corruption via a crafted HTML page. The issue affects Chromium-derived browsers and was publicly disclosed with the impact of remote code execution/compromise via...

CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-1313

Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

PT-2022-6383 · Atlassian · Jira Service Management Server

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Service Management Server and Data Center versions prior to 4.22.2 Description: The issue allows remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the...

kernel: cgroup: Use open-time creds and namespace for migration perm checks

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1...

Instagram Slow to Tackle Bots Targeting Iranian Women’s Groups

Despite alerting Meta months ago, feminist groups say tens of thousands of fake accounts continue to bombard them on the platform...

Wallarm extends AWS API security with the official Terraform module

Wallarm API Security solution is now available in AWS as an official Terraform module, with a full feature set including autoscaling groups, API Gateway connector, mirroring, and agentless out-of-band deployments. To address modern cloud-native threats, API security vendor Wallarm released extend...

Vulnerabilities & Threats that Matter 11-17 July 2022

Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 580 37 2 World-wide 11 61 For a detailed threat digest, download the pdf file here Summary The second week of July 2022 witnessed the discovery of 580 vulnerabilities out ...

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2026)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device...

State-Backed Hackers Targeting Journalists in Widespread Espionage Campaigns

Nation-state hacking groups aligned with China, Iran, North Korea, and Turkey have been targeting journalists to conduct espionage and spread malware as part of a series of campaigns since early 2021. "Most commonly, phishing attacks targeting journalists are used for espionage or to gain key...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5515-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5515-1 advisory. Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in...

Apple Lockdown Mode helps protect users from spyware

Apple has announced a new feature of iOS 16 called Lockdown Mode. This new feature is designed to provide a safer environment on iOS for people at high risk of what Apple refers to as "mercenary spyware." This includes people like journalists and human rights advocates, who are often targeted by...

The Danger of License Plate Readers in Post-Roe America

Known as ALPRs, this surveillance tech is pervasive across the US—and could soon be used by police and anti-abortion groups alike...

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5505-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5505-1 advisory. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A...

Vulnerabilities & Threats that Matter 27 June – 03 July 2022

Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 436 2 2 55 15 30 For a detailed threat digest, download the pdf file here Summary The last week of June 2022 witnessed the discovery of 436 vulnerabilities out of which 2...