AT&T Data Breach: Hackers Steal Call and Text Records for “Nearly All” Customers

AT&T confirms a data breach exposing call and text records for "Nearly All" customers from May 2022 to…...

Shein's Android App Caught Transmitting Clipboard Data to Remote Servers

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The iss...

K55879220: Overview of F5 vulnerabilities (May 2022)

Security Advisory Description On May 4, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associated...

NVIDIA Windows GPU Display Driver (May 2022)

A display driver installed on the remote Windows host is affected by a vulnerability: - NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader,...

Security Updates for Microsoft Office Products C2R (May 2022)

The Microsoft Office Products are missing security updates. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the...

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, Im using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presente...

CVE-2022-1268

creationtimestamp| type| source ---|---|--- 2022-05-23 12:35:33+00:00| seen| https://t.me/cibsecurity/43147...

Weekly Threat Digest: 9-15 May 2022

For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 650 3 1 14 10 13 The second week of May 2022 witnessed the discovery of 650 vulnerabilities out of which 3 gained...

pmb.ac-noumea.nc Cross Site Scripting vulnerability OBB-2618931

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Three zero-days addressed in Microsoft’s May 2022 Patch Tuesday

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 74 vulnerabilities in their May 2022 Patch Tuesday Security Update. Three of them are zero-days, and one is being exploited in the wild. The LSA Spoofing vulnerability CVE-2022-26925 is actively exploited i...

Security Updates for Microsoft Visual Studio Products (May 2022)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2022-24513 - Multiple denial of service DoS vulnerabilities. An...

Patch Tuesday - May 2022

This month is par for the course in terms of both number and severity of vulnerabilities being patched by Microsoft. That means there’s plenty of work to be done by system and network administrators, as usual. There is one 0-day this month: CVE-2022-26925, a Spoofing vulnerability in the Windows...

May 2022 Patch Tuesday | Microsoft Releases 75 Vulnerabilities with 8 Critical; Adobe Releases 5 Advisories, 18 Vulnerabilities with 16 Critical.

Microsoft Patch Tuesday Summary Microsoft has fixed 75 vulnerabilities in the May 2022 update, including one advisory ADV2200011 for Azure in response to CVE-2022-29972, a publicly exposed Zero-Day Remote Code Execution RCE Vulnerability, and eight 8 vulnerabilities classified as Critical as they...

Microsoft Patch Tuesday for May 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw, with contributions from Jaeson Schultz. Microsoft returned to its normal monthly patching volume in May, disclosing and fixing 74 vulnerabilities as part of the company’s latest security update. This month’s Patch Tuesday includes seven critical vulnerabilities after Microsoft...

AMD Client UEFI Firmware May 2022 Security Updates

AMD has informed HP of potential vulnerabilities identified in AMD client platform firmware components, which might allow arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to...

KB5013943: Windows 11 Security Update (May 2022)

The remote Windows host is missing security update 5013943. It is, therefore, affected by multiple vulnerabilities - Windows LDAP Remote Code Execution Vulnerability CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137,...

KB5013951: Windows 10 version 17784 / Azure Stack HCI Security Update (May 2022)

The remote Windows host is missing security update 5013951. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS functionality. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from the Microsof...

Security Updates for Microsoft Publisher Products (May 2022)

The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of...

KB5013942: Windows 10 Version 20H2 / 21H1 / 21H2 Security Update (May 2022)

The remote Windows host is missing security update 5013942. It is, therefore, affected by multiple vulnerabilities - Windows LDAP Remote Code Execution Vulnerability CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137,...

ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus ClamAV versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...