Intern<T>: Data race allowed on T

Affected versions of this crate unconditionally implements Sync for Intern. This allows users to create data race on T: !Sync, which may lead to undefined behavior for example, memory corruption. The flaw was corrected in commit 2928a87 by adding the trait bound T: Sync in the Sync impl of Intern...

Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E02

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about Emotet, the former public enemy No. 1 in the cybercrime world. What began in 20...

A week in security (February 1 – February 7)

Last week on Malwarebytes Labs, we dug into a load of security events. We first peered into how Fonix ransomware was giving up the ghost, swearing off a life of crime and even apologizing for past actions. We looked at a credit card skimmer that found opportunity in the latest Magento 1 hacking...

Malicious Chrome extensions can steal data by abusing Sync feature

By Saad Rajpoot Security Researcher reveals malicious use of Chrome extension- C&C and data exfiltration possible through Sync Feature. This is a post from HackRead.com Read the original post: Malicious Chrome extensions can steal data by abusing Sync feature...

March 29, 2021—KB5000842 (OS Builds 19041.906 and 19042.906) Preview

March 29, 2021—KB5000842 OS Builds 19041.906 and 19042.906 Preview 2/24/21 IMPORTANT As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update WU and Windows Server Update Services WSUS. Installing KB4577586 will remove Adobe Flash Player...

CVE-2020-36215

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur...

CVE-2020-36217

An issue was discovered in the mayqueue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur...

CVE-2020-36219

An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption implements Sync unconditionally, a data race can occur...

CVE-2020-36217

An issue was discovered in the mayqueue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur...

CVE-2020-36209

An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur...

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

CVE-2020-36204

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur...

CVE-2020-36203

An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption...

Memory corruption

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

Design/Logic Flaw

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur...

Memory corruption

An issue was discovered in the mayqueue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur...

Memory corruption

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur...

TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers

Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked...

Reffers Crate Security Breach

Reffers Crate through 2020-12-01 for Rust A security vulnerability exists that stems from the fact that ARefss can contain a !Send,!Sync object, resulting in data contention and memory corruption...

Rust Security Vulnerabilities

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust. The vulnerability stems from the unconditional implementation of Sync by AtomicOption , so data contention may occur...