Microsoft Offers Guidance on Detecting BlackLotus UEFI Bootkit Attacks Security researchers and experts are warning of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service that has been patched by Microsoft during this month's Patch Tuesday. Windows Admins Urged to Patch Critical MSMQ QueueJumper Bug Google and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about an Android vulnerability, CVE-2023-20963, that was reportedly exploited as a zero-day by the Chinese shopping app Pinduoduo, affecting millions of devices. Google and CISA Issue Warning on Android Flaw Exploited by Chinese App Google has issued an emergency security update for its Chrome browser to tackle the first zero-day vulnerability exploited in attacks since the beginning of the year. Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.Īpple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content.Īpple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.Įmergency Chrome Update Addresses First Zero-Day of 2023 Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. Invincea acquired it earlier from the original author Ronen Tzur in December 2013.Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. Sophos acquired Sandboxie when it bought cyber-security firm Invincea in February 2017. Until the open source transition is completed, Sophos have decided to make all restricted features of Sandboxie completely free.
“After thoughtful consideration we decided that the best way to keep Sandboxie going was to give it back to its users – transitioning it to an open source tool,” Geftic added. More importantly, we love the Sandboxie community too much to do that,” he said.
However, we love the technology too much to see it fade away. “Frankly, the easiest and least costly decision for Sophos would have been to simply end of life Sandboxie. “Sandboxie has never been a significant component of Sophos’ business, and we have been exploring options for its future for a while,” said Seth Geftic, Director of Product Marketing at Sophos. Why transition it to an open source tool? The latest version, Sandboxie 5.31.4, which was released on Tuesday is the first version of Sandboxie that is available as freeware.
0 kommentar(er)
