Security News
Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of...
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. Citizen Lab disclosed two other zero-days, fixed by Apple in September and abused as part of a zero-click exploit chain to install NSO Group's Pegasus spyware.
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but thousands of systems continue to be compromised, internet scans show.
The vulnerability, which the researchers named iLeakage, enables threat actors to read Gmail messages, reveal passwords and uncover other personal information. The iLeakage vulnerability has not yet been exploited in the wild as of October 27.
The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various...
After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. The flaw in the networking giant's IOS XE software, which allowed criminals to hijack thousands of Cisco switches and routers, first came to light last Monday.
Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. Both vulnerabilities, which Cisco tracks as CSCwh87343, are in the web UI of Cisco devices running the IOS XE software.
Cisco has released the first fixes for the IOS XE zero-day exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity companies and organizations have noticed a drastic reduction in the number of internet-facing Cisco devices that saddled with the implant.
The number of Cisco IOS XE devices detected with a malicious backdoor implant has plummeted from over 50,000 impacted devices to only a few hundred after the attackers updated the backdoor to hide infected systems from scans. This week, Cisco warned that hackers exploited two zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to hack over 50,000 Cisco IOS XE devices to create privileged user accounts and install a malicious LUA backdoor implant.
The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline. This week, Cisco warned that hackers exploited two zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to hack over 50,000 Cisco IOS XE devices to create privileged user accounts and install a malicious LUA backdoor implant.