article thumbnail

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Security Affairs

Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the decade-old ASA vulnerability CVE-2014-2120 is being actively exploited in attacks in the wild, and urges customers to review the updated advisory. ” reads the advisory.

Software 120
article thumbnail

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

It is not a first time that smartphones come with pre-installed malware, earlier 2015, the security firm Bluebox discovered a preinstalled malware , many malicious apps, and a series of security holes on the Xiaomi Mi 4 smartphone.

Malware 129
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. Like in so many cases, these vulnerabilities are caused by insufficient sanitization when handling attacker-supplied input.” ” reads the advisory.

Hacking 130
article thumbnail

Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack

Tech Republic Security

The vulnerabilities have since been patched, but had quietly persisted since the CocoaPods migration in 2014.

Software 200
article thumbnail

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., European, and Asian entities.

Malware 122
article thumbnail

The Mask APT is back after 10 years of silence

Security Affairs

Kaspersky first identified the APT group in 2014, but experts believe the cyber espionage campaign had already been active for over five years. At the time, Kaspersky described it as the most sophisticated APT operation they had seen to date.

article thumbnail

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

Introduced in December 2014 (OpenSSH 6.8p1), this flaw remained active, with FreeBSD enabling VerifyHostKeyDNS by default from 2013 to 2023, increasing exposure. The OpenSSH client vulnerability (CVE-2025-26465) allows an attack to succeed regardless of the VerifyHostKeyDNS setting, without user interaction or reliance on SSHFP DNS records.