 July 07, 2022
LATEST SECURITY NEWS & COMMENTARY
Google Chrome WebRTC Zero-Day Faces Active Exploitation
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.
North Korean State Actors Deploy Surgical Ransomware in Ongoing Cyberattacks on US Healthcare Orgs
US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.
Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'
The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.
Marriott Data Breach Exposes PII, Credit Cards
The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport.
HackerOne Employee Fired for Stealing and Selling Bug Reports for Personal Gain
Company says it is making changes to its security controls to prevent malicious insiders from doing the same thing in future; reassures bug hunters their bounties are safe.
Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration
An unauthenticated remote code execution vulnerability found in Zoho’s compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows.
ZuoRAT Hijacks SOHO Routers From Cisco, Netgear
The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly.
18 Zero-Days Exploited So Far in 2022
It didn't have to be this way: So far 2022's tranche of zero-days shows too many variants of previously patched security bugs, according to Google Project Zero.
How to Keep EVs From Taking Down the Electrical Grid
They may be environmentally friendly, but the surging popularity of electric cars and plug-in hybrids puts the nation's electrical grid at greater risk for malfeasance.
Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.
How to Master the Kill Chain Before Your Attackers Do
In the always-changing world of cyberattacks, preparedness is key.
Supply Chain Attack Deploys Hundreds of Malicious NPM Modules to Steal Data
A widespread campaign uses more than 24 malicious NPM packages loaded with JavaScript obfuscators to steal form data from multiple sites and apps, analysts report.
NIST Picks 4 Quantum-Resistant Cryptographic Algorithms
The US Department of Commerce's National Institute of Standards and Technology has announced the first group of encryption tools that will become part of its post-quantum cryptographic standard.
HOT TOPICS
Name That Edge Toon: On Guard
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Zero-Days Aren't Going Away Anytime Soon & What Leaders Need to Know
There were a record number of zero-day attacks last year, but some basic cyber-hygiene strategies can help keep your organization safer.

ICYMI: A Microsoft Warning, Follina, Atlassian, and More
Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

EDITORS' CHOICE
Criminals Use Deepfake Videos to Interview for Remote Work
The latest evolution in social engineering could put fraudsters in a position to commit insider threats.
LATEST FROM THE EDGE

10 No-BS Tips for Building a Diverse and Dynamic Security Team
Advice from women and nonbinary security leaders on creating well-rounded security teams, stronger CISO leadership, and a more resilient industry.
LATEST FROM DR TECHNOLOGY

Can Zero-Knowledge Cryptography Solve Our Password Problems?
Creating temporary keys that are not stored in central repositories and time out automatically could improve security for even small businesses.
WEBINARS
  • Building and Maintaining an Effective Remote Access Strategy

    The COVID-19 pandemic transformed enterprises into remote workplaces overnight, forcing IT organizations to revamp their computing and networking strategies on the fly. Some of the changes were intended to be temporary, and some rules were adopted without thinking through all ...

  • Building and Maintaining Security at the Network Edge

    Advances in networking and new technologies have expanded the possibilities of deploying applications at the network edge. These edge devices bring with them their own security management challenges and risks. How do you scale your security to manage the sheer ...

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA