Two critical vulnerabilities were patched in the SD-WAN vManage software, alongside three high-severity issues. The flaws are independent of one another: exploiting one does not require exploiting any of the others. One of the critical flaws (CVE-2021-1468, CVSS score 9.8) could allow unauthenticated, remote attackers to call privileged actions and even create new administrative accounts,…

Tracked as CVE-2021-1448 and rated CVSS 7.8, the command injection bug is mitigated by the fact that successful exploitation requires both authentication and local access. An attacker able to abuse it, however, could execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren't sufficiently…
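As an added illustration of the bug class described above (this is not Cisco or vManage code, whose internals the teaser does not cover): a user-supplied argument spliced into a shell command string, beside a hardened version that allowlists the argument and executes without a shell. `printf` stands in for the privileged system command so nothing needs root, and the interface-name pattern is an assumption made for the example.

```python
"""Command-argument injection: shell-string interpolation vs. validated argv execution.

Illustrative example only (not vManage code). `printf` stands in for the
privileged system command, so nothing here needs root.
"""
import re
import subprocess

# Assumption for this example: interface identifiers look like "lo", "eth1"
# or "ge0/0". Anything else (spaces, ';', '|', '$', quotes ...) is rejected.
IFACE_PATTERN = re.compile(r"^[A-Za-z][A-Za-z0-9]*(?:/[0-9]+)*$")


def is_valid_iface(iface: str) -> bool:
    """Allowlist check: True only if the argument matches the expected shape."""
    return IFACE_PATTERN.fullmatch(iface) is not None


def run_shell_string(iface: str) -> str:
    """VULNERABLE: user input is spliced into a command string parsed by /bin/sh.

    Shell metacharacters in `iface` are interpreted, so an argument such as
    "lo; echo INJECTED" makes the shell run a second command.
    """
    cmd = f"printf 'iface=%s\\n' {iface}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(iface: str) -> str:
    """Safer: argv list, no shell. The argument reaches the program verbatim as
    a single element, so metacharacters are never interpreted (no validation yet)."""
    return subprocess.run(["printf", "iface=%s\n", iface],
                          capture_output=True, text=True).stdout


def run_hardened(iface: str) -> str:
    """Hardened: allowlist validation plus argv execution (defense in depth).

    Either layer alone stops this payload; together they also cover arguments
    that are syntactically harmless to the shell but meaningless to the program.
    """
    if not is_valid_iface(iface):
        raise ValueError(f"rejected interface argument: {iface!r}")
    return run_argv(iface)


if __name__ == "__main__":
    payload = "lo; echo INJECTED"           # constructed sample input
    print(repr(run_shell_string(payload)))  # second command executed by the shell
    print(repr(run_argv(payload)))          # payload delivered as one literal argument
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened:", exc)
    print(repr(run_hardened("ge0/0")))
```

The argv form is what removes the injection primitive; the allowlist is the second layer that keeps unexpected argument shapes away from the privileged program in the first place.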

We are beginning to shift away from what has long been our first and last line of defense: the password. It’s an exciting time. Since the beginning, passwords have aggravated people. Meanwhile, passwords have become the de facto first step in most attacks. Yet I can’t help but think, what will the consequences of our…

Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are actively trying to exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations. About the vulnerabilities The…

Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager (DCNM) and the Cisco SD-WAN Solution software. Cisco Data Center Network Manager flaws Cisco Data Center Network Manager is the network management platform for all NX-OS-enabled deployments, spanning new fabric architectures, IP Fabric for Media, and storage networking…

An investigation, which concluded that counterfeit network switches were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware. Counterfeit Cisco Catalyst 2960-X series switches F-Secure Consulting’s Hardware Security team investigated two different counterfeit versions of Cisco Catalyst 2960-X series switches. The counterfeits were discovered by an IT company…

Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorized and authorized users, and preparation for the GDPR and similar laws around the globe spurred many organizations to make considerable privacy investments – which are now delivering strong returns, Cisco reveals. The study is based on…

Companies that invest in privacy see an average return of 270% on their investments, with seven out of 10 companies seeing significant benefits from their privacy expenditures, according to an annual survey published by Cisco today. In addition, more mature companies — as measured by a five-point accountability score — saw greater returns on their…

The zero-day flaw, tracked as CVE-2018-15454, is related to the Session Initiation Protocol (SIP) inspection engine used in the company’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. A remote and unauthenticated attacker can exploit the vulnerability to cause an affected device to reload or consume CPU resources, resulting in a denial-of-service (DoS)…