Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities.
WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don’t automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
February 21, 2023
ISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability CVE-2022-40765 Mitel MiVoice Connect Command Injection Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Two Industrial Control Systems Advisories
- Cisco’s ClamAV has a heckuva flaw
February 17, 2023
“A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code,” states Cisco’s security advisory, which identifies the issue as CVE-2023-20032. “This vulnerability is due to a missing buffer size check that may result in a ...
- CISA Releases Fifteen Industrial Control Systems Advisories
February 16, 2023
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-047-01 Siemens Solid Edge ICSA-23-047-02 Siemens SCALANCE X-200 IRT ICSA-23-047-03 Siemens Brownfield Connectivity Client ICSA-23-047-04 Siemens ...
- Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack
February 16, 2023
A new malware dubbed ‘ProxyShellMiner’ exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021. When chained together, the vulnerabilities allow unauthenticated, remote code execution, letting attackers take complete control of ...
- Mirai Variant V3G4 Targets IoT Devices
February 15, 2023
From July to December 2022, Unit 42 researchers observed a Mirai variant called V3G4, which was leveraging several vulnerabilities to spread itself. The vulnerabilities exploited include the following: CVE-2012-4869: FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability CVE-2014-9727: FRITZ!Box Webcam Remote Command Execution Vulnerability Mitel AWC Remote Command Execution Vulnerability Read more… Source: Palo Alto Unit 42
- Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack
February 15, 2023
Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The “Kia Challenge” started circulating in mid-2022 and explained that it’s possible to remove the steering column covering on some Hyundai and Kia models by ...