Top

Tag: Cisco


Threats & Malware, Vulnerabilities

Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks

January 31, 2024

Via: The Register

Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations’ systems. In eight of security company TrueSec’s most recent incident response engagements that involved Akira and […]


Network security, Security

Cisco intros AI to find firewall flaws, warns this sort of thing can’t be free

December 6, 2023

Via: The Register

Cisco’s executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle. Speaking […]


Threats & Malware, Virus & Malware

BlackCat plays with malvertising traps to lure corporate victims

November 16, 2023

Via: The Register

Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims’ systems. Paid adverts for popular business software such as Slack and Cisco AnyConnect are being used to lure corporate victims into […]


Threats & Malware, Vulnerabilities

Cisco fixes critical IOS XE bug but malware crew way ahead of them

October 23, 2023

Via: The Register

After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems to have been largely useless. The flaw in the networking giant’s IOS […]


Network security, Security

Cisco spends $28B on data cruncher Splunk in cybersecurity push

September 21, 2023

Via: The Register

Cisco is making its most expensive acquisition ever – by far – with an announcement it’s buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b). The transaction, which Cisco said it expects to close […]


Network security, Security

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

September 8, 2023

Via: The Hacker News

Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of […]


Threats & Malware, Vulnerabilities

Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities

June 8, 2023

Via: The Hacker News

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as […]


Threats & Malware, Vulnerabilities

Cisco squashes critical bugs in small biz switches

May 18, 2023

Via: The Register

Cisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment. Specifically, the flaws in the web user interface can be used to run […]


Threats & Malware, Vulnerabilities

Critical remote code execution flaws patched in Cisco small business switches

May 18, 2023

Via: CSO Online

Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices […]


Threats & Malware, Vulnerabilities

Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model

May 5, 2023

Via: The Hacker News

Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of […]


Threats & Malware, Vulnerabilities

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products

April 21, 2023

Via: The Hacker News

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw […]


Cloud security, Security

Cisco’s innovations protect hybrid work and multi-cloud environments

February 8, 2023

Via: Help Net Security

Cisco customers can now access new risk-based capabilities across Cisco’s security portfolio to better protect hybrid work and multi-cloud environments. These advancements demonstrate progress towards realizing the full vision of the Cisco Security Cloud which will protect the integrity of […]


Threats & Malware, Vulnerabilities

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

February 3, 2023

Via: The Hacker News

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP […]


Threats & Malware, Vulnerabilities

Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

January 12, 2023

Via: Help Net Security

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and […]


Threats & Malware, Vulnerabilities

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)

December 12, 2022

Via: Help Net Security

A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the company has confirmed. Cisco‘s PSIRT is also aware that proof-of-concept exploit code is available […]


Threats & Malware, Vulnerabilities

Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series

December 9, 2022

Via: Security Affairs

Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a stack overflow on an affected device leading […]


Threats & Malware, Vulnerabilities

Cisco ISE Vulnerabilities Can Be Chained in One-Click Exploit

November 28, 2022

Via: Security Week

An identity-based network access control (NAC) and policy enforcement system, Cisco ISE allows administrators to control endpoint access and manage network devices. A total of four vulnerabilities have been identified by a researcher in ISE, the exploitation of all requiring […]


Application security, Security

How Cisco keeps its APIs secure throughout the software development process

November 14, 2022

Via: CSO Online

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring […]


Threats & Malware, Vulnerabilities

Cisco Patches 33 Vulnerabilities in Enterprise Firewall Products

November 11, 2022

Via: Security Week

The most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. Due to improper processing of data […]


Threats & Malware, Vulnerabilities

Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities

October 26, 2022

Via: The Hacker News

Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows. Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated […]