Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Researchers Find Way to Run Malware on iPhone Even When It's OFF

A first-of-its-kind security analysis of iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate

The Hacker News
Open in Source
#ios#apple#The Hacker News
Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US

By Deeba Ahmed Cobalt Mirage is an Irani threat group believed to be linked to the Iranian Cobalt Illusion threat group,… This is a post from HackRead.com Read the original post: Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US

CVE-2022-29587: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals

Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges.

CVE-2022-30770: Terminalfour 8.3.8 Release Notes

Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.

CVE-2022-30708: Webmin

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

Black Hat Asia: Firmware Supply-Chain Woes Plague Device Security

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.

A Guide to Using VPNs on Your Smartphone 

By Waqas A VPN these days is a must as we know it. The recent growth of VPN use has… This is a post from HackRead.com Read the original post: A Guide to Using VPNs on Your Smartphone

CVE-2022-24297: INTEL-SA-00654

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2021-33117: INTEL-SA-00586

Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.

CVE-2021-0153: INTEL-SA-00601

Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.