FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayThe Hacker News

Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

By Ravie Lakshmanan
Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked asΒ CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

By Ravie Lakshmanan
Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked asΒ CVE-2022-20968Β (CVSS score

Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

By Ravie Lakshmanan
Apple on Wednesday backported security updates to older iPhones, iPads, and iPod touch devices to address aΒ critical security flawΒ that has been actively exploited in the wild. The shortcoming, tracked asΒ CVE-2022-32893Β (CVSS score: 8.8), is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content. WebKit is the

Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

By Ravie Lakshmanan
Security flaws have been identified in Xiaomi Redmi Note 9T and Redmi Note 11 models, which could be exploited to disable the mobile payment mechanism and even forge transactions via a rogue Android app installed on the devices. Check Point said it found the flaws in devices powered by MediaTek chipsets during a security analysis of the Chinese handset maker's Trusted Execution Environment (TEE)

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

By Ravie Lakshmanan
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo
❌