Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities.
WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don’t automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Autonomous robots used in hundreds of hospitals at risk of remote hijacks
April 12, 2022
A decade ago security researcher Barnaby Jack famously wirelessly hacked a hospital insulin pump live on stage in front of hundreds of people to demonstrate how easily it could be compromised to deliver a lethal dose of medication. In the years that have passed, medical device security has gotten better, albeit with an occasional high-profile ...
- CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
April 11, 2022
Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”. Researchers began seeing malicious activities at the start ...
- Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug
April 6, 2022
American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched ...
- MacOS SUHelper Root Privilege Escalation Vulnerability: A Deep Dive Into CVE-2022-22639
April 4, 2022
Trend Micro researchers discovered a vulnerability in suhelperd, a helper daemon process for Software Update in macOS. A class inside suhelperd, SUHelper, provides an essential system service through the inter-process communication (IPC) mechanism. The process runs as root and is signed with special entitlements, such as com.apple.rootless.install, which grants the process permission to bypass System ...
- An In-Depth Look at ICS Vulnerabilities Part 2
April 4, 2022
In part one, Trend Micro researchers discussed ICS-CERT advisories from 2010 to 2021. Using MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS, determined the number of identified CVEs that affect the ICS environment. For this blog entry, Trend Micro look into the sectors affected, especially during 2021: Read more… Source: Trend Micro Related story: An In-Depth Look ...
- SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
April 4, 2022
On March 31, 2022, vulnerabilities in the Spring Framework for Java were publicly disclosed. Microsoft is currently assessing the impact associated with these vulnerabilities. This blog is for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical remote code execution (RCE) vulnerability CVE-2022-22965 (also known as ...