JavaScript Archives - Cyber Security Minute

Google Patches Third Actively Exploited Chrome Zero-Day of 2022

Issued by: Security Week

Tracked as CVE-2022-1364 and considered “high severity,” the exploited security hole is described as a type confusion in the V8 JavaScript and WebAssembly engine. Attacks targeting type confusion bugs in Chrome’s V8 engine may lead to arbitrary code execution. All Chromium-based browsers are impacted. “Google is aware that an exploit for CVE-2022-1364 exists in the…

Malware & Threats

Codex Exposed: Helping Hackers in Training?

Issued by: Trend Micro Blog

In June 2020, OpenAI released version 3 of its Generative Pre-trained Transformer (GPT-3), a natural language transformer that took the tech world by storm with its uncanny ability to generate text seemingly written by humans. But GPT-3 was also trained on computer code, and recently OpenAI released a specialized version of its engine, named Codex,…

Malware & Threats

JFrog’s New Tools Flag Malicious JavaScript Packages

Issued by: Dark Reading

DevOps security firm JFrog released three open source security tools in response to recent issues with software registry npm to help JavaScript developers detect and prevent the installation of problematic packages. Software supply chain attacks are becoming a big problem in the open source software ecosystem, with attackers sneaking information stealers, keyloggers, and other types…

Vulnerabilities

WordPress 5.8.1 Patches Several Vulnerabilities

Issued by: Security Week

Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues. These vulnerabilities…

Cloud Security

Adobe Patches Code Execution Flaws in Connect, Creative Cloud, Framemaker

Issued by: Security Week

In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation. In its Connect product, the company addressed one critical input validation issue that can result…

Malware & Threats

Attackers Already Targeting Apple’s M1 Chip with Custom Malware

Issued by: Dark Reading

The latest processor for Apple’s Macs — the M1 chip — has already become a target for malware authors, who have created Mac-specific binaries targeting the ARM64 architecture used by the processors, researchers said this week. For example, one MacOS malware downloader, dubbed Silver Sparrow, has a number of interesting properties, including the use of…

Software Security

How to block malicious JavaScript files in Windows environments

Issued by: CSO

There have been several recent reports of fake updaters that spoof Google Chrome, Mozilla Firefox, and Internet Explorer landing pages. When the user clicks on the upgrade option, a JavaScript file is downloaded and executes malware. You have several options to block or change the default behavior to better protect workstations. Block JavaScript at the…

Malware & Threats

Websites Attack Attempts Rose in Q2

Issued by: Dark Reading

New data shows attackers are trying to sneak past malware scanners on websites using stealthy hacks such as cryptojacking and malicious JavaScript. Website security service provider SiteLock analyzed data from 6 million customer websites for the second quarter of 2018 and found that a website, on average, suffers 58 attack attempts per day – or…