Researchers have discovered a “trivially exploitable” local privilege escalation vulnerability (CVE-2021-4034) in Polkit’s pkexec tool that affects likely every major Linux distribution.
Month: January 2022
Researchers have discovered a new macOS malware dubbed “DazzleSpy” used in watering hole attacks in Asia to compromise Mac computers.
The Cybersecurity and Infrastructure Security Agency (CISA) has published 8 new actively exploited vulnerabilities, one of those vulnerabilities (CVE-2022-22587) recently fixed by Apple.
Apple has released security updates for iOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3, and other Apple products. The updates also address a zero-day vulnerability (CVE-2022-22587) exploited in the wild.
Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.
McAfee has released a security update for its McAfee Agent for Windows that fixes 2 High risk vulnerabilities (CVE-2021-31854, CVE-2022-0166).
Ubuntu 21.04 (Hirsute Hippo) has reached its end-of-life (EOL) January 20, 2022, nearly nine months after its initial release.