Tag: Cisco

October 24, 2022

Davide Virruso of Yoroi discovered that the web-based management interface of Identity Services Engine is affected by an unauthorized file access flaw that can allow a remote, authenticated attacker to read and delete files on impacted devices. The issue is […]

September 30, 2022

The bugs were resolved as part of Cisco’s semiannual bundle patches for its networking software, which it releases in March and September. With a CVSS score of 8.6, the most severe of the newly addressed issues are six vulnerabilities that […]

September 12, 2022

Tracked as CVE-2022-20696, the issue exists because of insufficient protection mechanisms on messaging server container ports, allowing an unauthenticated attacker to connect to an affected system using these ports. “To exploit this vulnerability, the attacker must be able to send […]

September 12, 2022

A month after confirming its systems were breached, networking giant Cisco reported that the attack was a failed ransomware attempt conducted on behalf of the Lapsus$ group. The cybercriminals obtained access to Cisco’s systems with a social engineering attack that […]

August 25, 2022

Cisco this week announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches. Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited […]

August 11, 2022

U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. But according to Cisco’s Talos threat intelligence team, the breach resulted in the exfiltraton of inconsequential […]

March 10, 2022

The cyber activities related to the ongoing war in Ukraine have run the gamut from wiper malware hitting organizations and the border control in Ukraine, DDoS attacks aimed at government and media websites, and cyber disruption of satellite-based internet service, […]

March 4, 2022

Only five of the vulnerabilities added this week to CISA’s catalog have a 2022 CVE identifier, namely flaws patched last month in Cisco’s Small Business RV160, RV260, RV340, and RV345 series routers. The Cisco vulnerabilities are all rated “critical severity” […]

February 3, 2022

Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code execution or execute arbitrary commands on the underlying Linux operating system. “The Cisco PSIRT […]

November 5, 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies […]

October 14, 2021

Continuity issued a research report which provided an analysis of the vulnerabilities and misconfigurations of enterprise storage systems. The findings revealed that storage systems have a significantly weaker security posture than the other two layers of IT infrastructure: compute or […]

November 5, 2020

The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker […]

October 22, 2020

Guaranteeing appropriate access to enterprise systems for remote workers has been the biggest cyber security challenge faced by IT teams during the pandemic, but it’s a good opportunity to improve business resilience by committing to a far higher standard of […]

October 21, 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access […]

September 1, 2020

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators […]

July 31, 2020

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager (DCMN) and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager flaws Cisco Data Center Network Manager is the network management platform […]

July 16, 2020

Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely takeover the network devices. Cisco also addressed […]

July 2, 2020

Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows a remote, unauthenticated attacker to access a device’s […]

June 11, 2020

Security experts from Cisco Talos have released technical details on a recently addressed vulnerability in Firefox, tracked as CVE-2020-12405, that could be exploited by attackers for remote code execution. The issue is a use-after-free in SharedWorkerService flaw and received a […]

June 4, 2020

The vulnerabilities, tracked as CVE-2020-6109 and CVE-2020-6110 and both rated high severity, have been described as path traversal issues that could ultimately lead to arbitrary code execution. One impacts Zoom 4.6.10, 4.6.11 and likely earlier versions, and one of them […]