Security Affairs

Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads

Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads. On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1. Apple addressed […]

The post Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads appeared first on Security Affairs.

January 24, 2023
0 comment
Read More >>

Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code

Researchers found two flaws in Samsung Galaxy Store that could be exploited to install applications or achieve code execution on the devices. Researchers from cybersecurity firm NCC Group published technical details on two vulnerabilities, tracked as CVE-2023-21433 and CVE-2023-21434, in Samsung Galaxy Store that could be exploited to install applications or execute malicious JavaScript code. […]

The post Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code appeared first on Security Affairs.

January 23, 2023
0 comment
Read More >>

Companies impacted by Mailchimp data breach warn their customers

The recent Mailchimp data breach has impacted multiple organizations, some of them are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a news data breach, the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and […]

The post Companies impacted by Mailchimp data breach warn their customers appeared first on Security Affairs.

January 23, 2023
0 comment
Read More >>

Massive Ad fraud scheme VASTFLUX targeted over 11 million devices

Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The name VASTFLUX comes from the evasion technique “fast flux” and VAST, the Digital Video Ad Serving Template that was abused by threat actors in this fraudulent scheme. The researchers […]

The post Massive Ad fraud scheme VASTFLUX targeted over 11 million devices appeared first on Security Affairs.

January 23, 2023
0 comment
Read More >>

Video game firm Riot Games hacked, now it faces problems to release content

Video game developer and publisher Riot Games announced that it will delay the release of game patches after a security incident. Riot Games is an American video game developer, publisher and esports tournament organizer known for the creation of the popular games League of Legends and Valorant. Last week threat actors hacked the company’s systems in its development environment, Riot Games […]

The post Video game firm Riot Games hacked, now it faces problems to release content appeared first on Security Affairs.

January 23, 2023
0 comment
Read More >>

Expert found critical flaws in OpenText Enterprise Content Management System

The OpenText enterprise content management (ECM) system is affected by multiple vulnerabilities, including a critical RCE. Armin Stock (Atos), researcher at cybersecurity firm Sec Consult, discovered multiple vulnerabilities in the OpenText enterprise content management (ECM) product. OpenText Extended ECM is an enterprise CMS platform that manages the information lifecycle by integrating with leading enterprise applications, […]

The post Expert found critical flaws in OpenText Enterprise Content Management System appeared first on Security Affairs.

January 22, 2023
0 comment
Read More >>

Roaming Mantis uses new DNS changer in its Wroba mobile malware

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Roaming Mantis surfaced in March 2018 when hacked routers in Japan to […]

The post Roaming Mantis uses new DNS changer in its Wroba mobile malware appeared first on Security Affairs.

January 22, 2023
0 comment
Read More >>

Security Affairs newsletter Round 403 by Pierluigi Paganini

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. The Irish DPC fined WhatsApp €5.5M for violating GDPR Around 19,500 end-of-life Cisco routers are exposed […]

The post Security Affairs newsletter Round 403 by Pierluigi Paganini appeared first on Security Affairs.

January 22, 2023
0 comment
Read More >>

The Irish DPC fined WhatsApp €5.5M for violating GDPR

The Irish Data Protection Commission (DPC) fined Meta’s WhatsApp €5.5 million for violating data protection laws. The popular messaging app WhatsApp has been fined €5.5m by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR). The DPC has given six months to the Meta-owned company to bring its data processing […]

The post The Irish DPC fined WhatsApp €5.5M for violating GDPR appeared first on Security Affairs.

January 21, 2023
0 comment
Read More >>

Around 19,500 end-of-life Cisco routers are exposed to hack

Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security […]

The post Around 19,500 end-of-life Cisco routers are exposed to hack appeared first on Security Affairs.

January 21, 2023
0 comment
Read More >>