Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities.
WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don’t automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Escalating Privileges via Third-Party Windows Installers
July 19, 2023
Picture this: you’ve finally made it past the perimeter of a highly secured organization. You’re feeling pretty pleased with yourself, until you realize you only have Active Directory privileges of a newly hired intern and the thrill trickles away. However, with some crafty tricks and a bit of luck, you just might be able to ...
- CISA Releases Seven Industrial Control Systems Advisories
July 18, 2023
CISA released seven Industrial Control Systems (ICS) advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02 Keysight N6845A Geolocation Server ICSA-23-199-03 Iagona ScrutisWeb Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- DDoS threat report for 2023 Q2
July 18, 2023
The second quarter of 2023 was characterized by thought-out, tailored and persistent waves of DDoS attack campaigns on various fronts, including: Multiple DDoS offensives orchestrated by pro-Russian hacktivist groups REvil, Killnet and Anonymous Sudan against Western interest websites. An increase in deliberately engineered and targeted DNS attacks alongside a 532% surge in DDoS attacks exploiting the Mitel ...
- US energy department, other agencies hit in global hacking spree
July 16, 2023
The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday. Data was “compromised” at two entities within the energy department when hackers gained access through a security flaw in MOVEit Transfer, the department said in a ...
- FortiGuard Labs Discovers Multiple Vulnerabilities in Adobe InDesign
July 13, 2023
This past March, Fortinet researcher Yonghui Han discovered and reported several zero-day vulnerabilities in Adobe InDesign to Adobe. And on Patch Tuesday, July 11, 2023, Adobe released their security patches to fix them. The vulnerabilities are identified as CVE-2023-29308, CVE-2023-29309, CVE-2023-29310, CVE-2023-29311, CVE-2023-29312, CVE-2023-29313, CVE-2023-29314, CVE-2023-29315, CVE-2023-29316, CVE-2023-29317, CVE-2023-29318, and CVE-2023-29319. All of these vulnerabilities have been ...
- Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
July 13, 2023
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. Seven vulnerabilities affect Apple macOS only Two vulnerabilities affect VMWare vCenter. Three vulnerabilities affect both. Read more… Source: Cisco Talos