Vulnerabilities Archives - Page 4 of 83

Cisco patches serious flaws in Firepower and Identity Services Engine

Issued by: CSO Online

Cisco released several patches for high and critical vulnerabilities affecting several products like its Firepower network security devices, Identity Services Engine (ISE)) network access control platform, and Adaptive Security Appliance (ASA). The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging administrators to deploy the available patches because “a cyber threat actor could…

Vulnerabilities

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

Issued by: Dark Reading

Aqua Security, the pioneer in cloud native security, today announced its open source solution Trivy now supports vulnerability scanning for Kubernetes components in addition to Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are in order to substantially reduce risk. Kubernetes has…

Vulnerabilities

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Issued by: Security Affairs

F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. “This vulnerability may allow an unauthenticated…

Vulnerabilities

Virtual Alarm: VMware Issues Major Security Advisory

Issued by: Dark Reading

VMware urged customers to update VMware vCenter Servers against a critical flaw that could potentially lead to remote code execution (RCE) and assigned a CVSS severity score of 9.8. The vCenter Server flaw, tracked under CVE-2023-34048, could allow an attacker with network access the ability to trigger an out-of-bounds write, the VMware advisory explained. Software…

Vulnerabilities

On Point: Overcoming Vulnerability Management Challenges

Issued by: DataBreach Today

Vulnerability management plays a critical role in ensuring the security and integrity of telecommunications networks. With the ever-evolving threat landscape and increasing sophistication of cyberattacks, effective vulnerability management is essential for telecommunications companies. But the unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Vulnerability Management Challenges…

Vulnerabilities

Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

Issued by: Dark Reading

In the latest in the saga of compromise involving a max-critical Cisco bug that has been exploited as a zero-day as users waited for patches, several security researchers reported observing a sharp decline in the number of infected Cisco IOS XE systems visible to them over the weekend. The drop sparked a rnge of theories…

Vulnerabilities

Cisco Finds New Zero Day Bug, Pledges Patches in Days

Issued by: Dark Reading

Cisco said a patch for two actively exploited zero-day flaws in its IOS XE devices is scheduled to drop on Oct. 22. The first Cisco zero-day bug, tracked under CVE-2023-20198, was announced on Oct. 16 and has a severity rating of 10 out of 10. At the time it was discovered, it had already allowed…

Vulnerabilities

Unpatched Zero-Day Being Exploited in the Wild, Cisco Warns

Issued by: DataBreach Today

Cisco on Monday asked customers to urgently disable the HTTP Server feature on internet-facing systems that was discovered to have a critical vulnerability in its modular operating system’s web interface. Hackers exploited the IOS XE software web user interface feature to gain administrator-level privileges, effectively taking complete control of compromised devices, Cisco Talos said in…

Vulnerabilities

Security Pros Warn That EU’s Vulnerability Disclosure Rule Is Risky

Issued by: Dark Reading

The European Union (EU) may soon require software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of an exploitation. Many IT security professionals want this new rule, set out in Article 11 of the EU’s Cyber Resilience Act (CRA), to be reconsidered. The rule requires vendors to disclose that they know about…

Vulnerabilities

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Issued by: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user….