Threats & Malware, Vulnerabilities
January 31, 2024
Via: The RegisterSecurity researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]
December 6, 2023
Via: The RegisterCisco’s executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle. Speaking […]
Threats & Malware, Virus & Malware
November 16, 2023
Via: The RegisterAffiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims’ systems. Paid adverts for popular business software such as Slack and Cisco AnyConnect are being used to lure corporate victims into […]
Threats & Malware, Vulnerabilities
October 23, 2023
Via: The RegisterAfter a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems to have been largely useless. The flaw in the networking giant’s IOS […]
September 21, 2023
Via: The RegisterCisco is making its most expensive acquisition ever – by far – with an announcement it’s buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b). The transaction, which Cisco said it expects to close […]
September 8, 2023
Via: The Hacker NewsCisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of […]
Threats & Malware, Vulnerabilities
June 8, 2023
Via: The Hacker NewsVMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as […]
Threats & Malware, Vulnerabilities
May 18, 2023
Via: The RegisterCisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment. Specifically, the flaws in the web user interface can be used to run […]
Threats & Malware, Vulnerabilities
May 18, 2023
Via: CSO OnlineCisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices […]
Threats & Malware, Vulnerabilities
May 5, 2023
Via: The Hacker NewsCisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of […]
Threats & Malware, Vulnerabilities
April 21, 2023
Via: The Hacker NewsCisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw […]
February 8, 2023
Via: Help Net SecurityCisco customers can now access new risk-based capabilities across Cisco’s security portfolio to better protect hybrid work and multi-cloud environments. These advancements demonstrate progress towards realizing the full vision of the Cisco Security Cloud which will protect the integrity of […]
Threats & Malware, Vulnerabilities
February 3, 2023
Via: The Hacker NewsF5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP […]
Threats & Malware, Vulnerabilities
January 12, 2023
Via: Help Net SecurityCisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and […]
Threats & Malware, Vulnerabilities
December 12, 2022
Via: Help Net SecurityA high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the company has confirmed. Cisco‘s PSIRT is also aware that proof-of-concept exploit code is available […]
Threats & Malware, Vulnerabilities
December 9, 2022
Via: Security AffairsCisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device leading […]
Threats & Malware, Vulnerabilities
November 28, 2022
Via: Security WeekAn identity-based network access control (NAC) and policy enforcement system, Cisco ISE allows administrators to control endpoint access and manage network devices. A total of four vulnerabilities have been identified by a researcher in ISE, the exploitation of all requiring […]
Application security, Security
November 14, 2022
Via: CSO OnlineSoftware developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring […]
Threats & Malware, Vulnerabilities
November 11, 2022
Via: Security WeekThe most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. Due to improper processing of data […]
Threats & Malware, Vulnerabilities
October 26, 2022
Via: The Hacker NewsCisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated […]