Threats & Malware, Vulnerabilities
October 24, 2022
Via: Security WeekDavide Virruso of Yoroi discovered that the web-based management interface of Identity Services Engine is affected by an unauthorized file access flaw that can allow a remote, authenticated attacker to read and delete files on impacted devices. The issue is […]
Threats & Malware, Vulnerabilities
September 30, 2022
Via: Security WeekThe bugs were resolved as part of Cisco’s semiannual bundle patches for its networking software, which it releases in March and September. With a CVSS score of 8.6, the most severe of the newly addressed issues are six vulnerabilities that […]
Threats & Malware, Vulnerabilities
September 12, 2022
Via: Security WeekTracked as CVE-2022-20696, the issue exists because of insufficient protection mechanisms on messaging server container ports, allowing an unauthenticated attacker to connect to an affected system using these ports. “To exploit this vulnerability, the attacker must be able to send […]
September 12, 2022
Via: Dark ReadingA month after confirming its systems were breached, networking giant Cisco reported that the attack was a failed ransomware attempt conducted on behalf of the Lapsus$ group. The cybercriminals obtained access to Cisco’s systems with a social engineering attack that […]
Threats & Malware, Vulnerabilities
August 25, 2022
Via: Security WeekCisco this week announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches. Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited […]
August 11, 2022
Via: Help Net SecurityU.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. But according to Cisco’s Talos threat intelligence team, the breach resulted in the exfiltraton of inconsequential […]
March 10, 2022
Via: Help Net SecurityThe cyber activities related to the ongoing war in Ukraine have run the gamut from wiper malware hitting organizations and the border control in Ukraine, DDoS attacks aimed at government and media websites, and cyber disruption of satellite-based internet service, […]
Threats & Malware, Vulnerabilities
March 4, 2022
Via: Security WeekOnly five of the vulnerabilities added this week to CISA’s catalog have a 2022 CVE identifier, namely flaws patched last month in Cisco’s Small Business RV160, RV260, RV340, and RV345 series routers. The Cisco vulnerabilities are all rated “critical severity” […]
Threats & Malware, Vulnerabilities
February 3, 2022
Via: Help Net SecurityCisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code execution or execute arbitrary commands on the underlying Linux operating system. “The Cisco PSIRT […]
Threats & Malware, Vulnerabilities
November 5, 2021
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a catalog of vulnerabilities, including from Apple, Cisco, Microsoft, and Google, that have known exploits and are being actively exploited by malicious cyber actors, in addition to requiring federal agencies […]
Threats & Malware, Vulnerabilities
October 14, 2021
Via: Help Net SecurityContinuity issued a research report which provided an analysis of the vulnerabilities and misconfigurations of enterprise storage systems. The findings revealed that storage systems have a significantly weaker security posture than the other two layers of IT infrastructure: compute or […]
Threats & Malware, Vulnerabilities
November 5, 2020
Via: Security WeekThe Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker […]
October 22, 2020
Via: Computer WeeklyGuaranteeing appropriate access to enterprise systems for remote workers has been the biggest cyber security challenge faced by IT teams during the pandemic, but it’s a good opportunity to improve business resilience by committing to a far higher standard of […]
Cyber warfare, Cyber-crime, Threats & Malware, Vulnerabilities
October 21, 2020
Via: Help Net SecurityThe US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access […]
Threats & Malware, Vulnerabilities
September 1, 2020
Via: Help Net SecurityA technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators […]
Network security, Security, Threats & Malware, Vulnerabilities
July 31, 2020
Via: Help Net SecurityCisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager (DCMN) and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager flaws Cisco Data Center Network Manager is the network management platform […]
Threats & Malware, Vulnerabilities
July 16, 2020
Via: Security AffairsCisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely takeover the network devices. Cisco also addressed […]
Network security, Security, Threats & Malware, Vulnerabilities
July 2, 2020
Via: Security WeekOf the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows a remote, unauthenticated attacker to access a device’s […]
Threats & Malware, Vulnerabilities
June 11, 2020
Via: Security AffairsSecurity experts from Cisco Talos have released technical details on a recently addressed vulnerability in Firefox, tracked as CVE-2020-12405, that could be exploited by attackers for remote code execution. The issue is a use-after-free in SharedWorkerService flaw and received a […]
Threats & Malware, Vulnerabilities
June 4, 2020
Via: Security WeekThe vulnerabilities, tracked as CVE-2020-6109 and CVE-2020-6110 and both rated high severity, have been described as path traversal issues that could ultimately lead to arbitrary code execution. One impacts Zoom 4.6.10, 4.6.11 and likely earlier versions, and one of them […]