Cisco Archives - Page 2 of 6 - Cyber Security Minute

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Issued by: Security Affairs

Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations…

Vulnerabilities

Cisco Flags Critical SD-WAN Vulnerability

Issued by: Dark Reading

A critical security vulnerability in Cisco’s SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco…

Network Security

Cisco launches new network, security, and observability solutions and previews generative AI capabilities for Webex and Security Cloud

Issued by: CSO Online

Cisco’s innovative technologies help connect the dots of its network- and cloud-based ecosystem. A tremendous number of enterprises and service providers view Cisco as the nexus of their network, security, and cloud operations. At the company’s Cisco Live customer and partner conference in June, Cisco boldly connected the dots of a network- and cloud-based ecosystem…

Vulnerabilities

Public exploit is now available for Cisco AnyConnect VPN client

Issued by: CSO Online

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known…

Malware & Threats

Russian cyber spy group APT28 backdoors Cisco routers via SNMP

Issued by: CSO Online

APT28, the hacking arm of Russia’s GRU military intelligence agency has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the simple network management protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always…

Network Security

Safe Security Raises $50M to Bring ML to Risk Quantification

Issued by: DataBreach Today

A cyber risk quantification startup backed by ex-Cisco CEO John Chambers has raised $50 million to apply machine-learning technology and build more API adapters. The Silicon Valley-based company said the Series B funding will allow Safe Security to capitalize on generative artificial intelligence to help nontechnical leaders better understand their organizations security postures, said co-founder…

Vulnerabilities

Critical bug in Cisco EoL Small Business Routers will receive no patch

Issued by: Security Affairs

Cisco is warning of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security updates to address the bug because they have reached end of life (EoL). The flaw is an authentication bypass issue…

Vulnerabilities

Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products

Issued by: Security Week

The company has informed customers that its Expressway series and TelePresence Video Communication Server software is affected by two high-severity vulnerabilities. One of them, tracked as CVE-2022-20814 and related to improper certificate validation, can allow a remote, unauthenticated attacker to access sensitive data through a man-in-the-middle attack. Successful exploitation of the flaw can result in…

Application Security, Software Security

How AWS, Cisco, Netflix & SAP Are Approaching Cybersecurity Awareness Month

Issued by: Dark Reading

For those of us in the industry, cybersecurity is a priority 365 days a year. But for a brief window in October during Cybersecurity Awareness Month, the spotlight is on us. Given its importance in daily life, cybersecurity awareness has gained momentum in recent years — but there is still much to do. Cybersecurity Awareness…

Vulnerabilities

Cisco Patches High-Severity Vulnerabilities in Business Switches

Issued by: Security Week

Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition. The flaw exists due to incomplete input validation of specific OSPFv3 packets, allowing an attacker to send a malicious OSPFv3 link-state advertisement (LSA) to…