Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2023-20026: Cisco Security Advisory: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities

A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.

CVE
Open in Source
#vulnerability#web#ios#cisco#perl#auth
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were

Massive Adware Campaign Shuttered

Mainly Apple iOS in-app ads were targeted, injecting malicious JavaScript code to rack up phony views.

Attackers Crafted Custom Malware for Fortinet Zero-Day

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

Massive Ad Fraud Scheme Shut Down: 11 Million Phones Targeted

By Waqas The ad fraud was discovered while the researchers were investigating an iOS application that had been heavily impacted by an app spoofing attack. This is a post from HackRead.com Read the original post: Massive Ad Fraud Scheme Shut Down: 11 Million Phones Targeted

A Sneaky Ad Scam Tore Through 11 Million Phones

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

Following the LNK metadata trail

While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

6 Types of Risk Assessment Methodologies + How to Choose

An organization’s sensitive information is under constant threat. Identifying those security risks is critical to protecting that information. But some risks are bigger than others. Some mitigation options are more expensive than others. How do you make the right decision? Adopting a formal risk assessment process gives you the information you need to set priorities. There are many ways to

Vulnerable Historian Servers Imperil OT Networks

These specialized database servers, which collect and archive information on device operation, often connect IT and OT networks.