Cisco

Malware & Threats

Issued by: Security Week

Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. Smart Install can be very useful for organizations, but it can also pose a serious security risk. Once a device has been set up through Smart Install, the feature remains enabled and it can be accessed without…

Vulnerabilities

Issued by: Security Week

SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was…

Software Security

Issued by: Dark Reading

Cisco today confirmed plans to acquire Kenna Security, provider of vulnerability management technology, with plans to integrate its capabilities into the SecureX platform. Kenna Security’s technology uses machine learning to analyze threat data and identify which risks organizations should prioritize – a useful technology to have at a time when organizations are struggling with a…

Software Security

Issued by: Security Week

Two critical vulnerabilities were patched in the SD-WAN vManage software, alongside three high-severity issues. The bugs are not dependent on one another and their exploitation doesn’t require exploitation of the others. One of the critical flaws (CVE-2021-1468, CVSS score 9.8) could allow unauthenticated, remote attackers to call privileged actions and even create new administrative accounts,…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren’t sufficiently…

Vulnerabilities

Issued by: Help Net Security

We are beginning to shift away from what has long been our first and last line of defense: the password. It’s an exciting time. Since the beginning, passwords have aggravated people. Meanwhile, passwords have become the de facto first step in most attacks. Yet I can’t help but think, what will the consequences of our…

Vulnerabilities

Issued by: Help Net Security

Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations. About the vulnerabilities The…

Software Security

Issued by: Help Net Security

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager (DCMN) and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager flaws Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking…