Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities.
WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don’t automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- WordPress-powered sites backdoored after FishPig suffers supply chain attack
September 15, 2022
It’s only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites. We’ll start with FishPig, a UK-based maker of software that integrates Adobe’s Magento ecommerce suite into WordPress-powered websites. FishPig’s distribution systems ...
- A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
September 14, 2022
Trend Micro researchers have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered and conventional systems. One of the older vulnerabilities that is still being actively exploited by malicious ...
- Cisco won’t fix authentication bypass zero-day in EoL routers
September 7, 2022
Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). This zero-day bug (CVE-2022-20923) is caused by a faulty password validation algorithm that attackers could exploit to log into the VPN on vulnerable devices using what the company describes as “crafted ...
- Mirai Variant MooBot Targeting D-Link Devices
September 6, 2022
In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products. The vulnerabilities exploited include: CVE-2015-2051: D-Link HNAP SOAPAction Header Command Execution Vulnerability CVE-2018-6530: D-Link SOAP Interface Remote Code Execution Vulnerability CVE-2022-26258: D-Link Remote Command Execution Vulnerability CVE-2022-28958: D-Link Remote Command Execution Vulnerability If the devices ...
- Google Chrome emergency update fixes new zero-day used in attacks
September 2, 2022
Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. “Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a security advisory published on Friday. This new version is rolling ...
- Vulnerability in TikTok Android app could lead to one-click account hijacking
August 31, 2022
Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has been fixed and Microsoft did not locate any evidence of in-the-wild exploitation. Attackers could have leveraged the ...