article thumbnail

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Security Affairs

Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the decade-old ASA vulnerability CVE-2014-2120 is being actively exploited in attacks in the wild, and urges customers to review the updated advisory. ” reads the advisory.

Software 118
article thumbnail

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. Like in so many cases, these vulnerabilities are caused by insufficient sanitization when handling attacker-supplied input.” ” reads the advisory.

Hacking 128
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack

Tech Republic Security

The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.

Software 194
article thumbnail

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., European, and Asian entities.

Malware 120
article thumbnail

The Mask APT is back after 10 years of silence

Security Affairs

Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. At the time, Kaspersky described it as the most sophisticated APT operation they had seen to date.

article thumbnail

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure. The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records.

article thumbnail

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.