Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

4 years ago Andrew Swoboda
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine.

VMware fixed a privilege escalation issue in VMware Tools

VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. According to Security Affairs, an attacker with local non-administrative access to the Guest OS can trigger the CVE-2022-31676 flaw to escalate privileges on a compromised system.

“VMware Tools suite was subject to a privilege escalation vulnerability. An attacker could gain root privileges upon successful exploitation of this vulnerability. This vulnerability was resolved in versions 12.1.0 and 10.3.25.”

GitLab issues patch for critical flaw in its Community and Enterprise software

DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system. Hacker News reports that a successful exploitation of the critical flaw could enable a malicious actor to run malicious code on the target machine, inject malware and backdoors, and seize complete control of the susceptible devices.

“GitLab is subject to an arbitrary code execution vulnerability. An attacker could execute arbitrary code upon successful exploitation of this vulnerability. An attacker would need access to the import API to exploit this issue. This issue has been resolved in versions 15.3.1, 15.2.3, and 15.1.5. The issue can be mitigated by disabling import option.”

Microsoft publicly discloses details on critical ChromeOS flaw

According to Security Affairs, Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. The vulnerability is tracked as CVE-2022-2587 and bears a CVSS score of 9.8.

“Microsoft reported a vulnerability in ChromeOS to Google in April 2022. This vulnerability is being tracked as CVE-2022-2587. This vulnerability could allow an attacker to cause denial of service conditions and potentially execute arbitrary code. To trigger this vulnerability an attacker needs to craft malicious metadata associated with songs. This vulnerability occurred because there was not proper validation of user supplied data. This lack of validation lead to a heap-based buffer overflow. Google has since resolved this issue in ChromeOS.”

Fake Chrome extension ‘Internet Download Manager’ has 200,000 installs

Bleeping Computer reported that a Google Chrome extension ‘Internet Download Manager’, which is installed by more than 200,000 users, is adware. The extension has been sitting on the Chrome Web Store since at least June 2019, according to the earliest reviews posted by users.

“More than 200,000 users have installed an extension called “Internet Download Manager.” This extension is adware and has been present on the Chrome Web Store since June 2019. Once installed the extension opens links to spammy sites, changes the default browser search engine, and hounds the user with pop-ups.

There is a legitimate extension called Internet Download Manager created by Tonec, but it is actually called ‘IDM Integration Module’. Any IDM extension on the Chrome Web Store is considered fake and should not be used.”

Keep in Touch with Tripwire VERT

Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.

Previous VERT Cybersecurity News Roundups

  • August 15, 2022
  • August 8, 2022
  • August 1, 2022
  • July 25, 2022
  • June 20, 2022
  • June 6, 2022
  • May 30, 2022
  • May 16, 2022
  • May 2, 2022
  • April 25, 2022
  • April 18, 2022

The post ” Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022″ appeared first on TripWire

Source:TripWire – Andrew Swoboda

Tags: Critical Severity, Exploit, Google, Google Chrome, Hacker, Hacker News, Microsoft, TripWire, VMWARE, Vulnerability

Continue Reading

Previous Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users
Next A CISO’s Ultimate Security Validation Checklist

More Stories

  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

2 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

2 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

2 days ago [email protected] (The Hacker News)

Recent Posts

  • FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
  • Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
  • CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
  • Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
  • Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT