Cisco Flags Critical SD-WAN Vulnerability
A critical security vulnerability in Cisco’s SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco…
VA OIG Audit Uncovers Vulnerability Management Weaknesses
Configuration management – especially vulnerability patching – is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration issues to be a top weakness at a VA healthcare system in Arizona. The Veterans Affairs Office of Inspector General in a report issued Tuesday said…
Exploit Code Published for Remote Root Flaw in VMware Logging Software
In an update to a critical-level advisory originally released in April this year, VMware said it has confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches. The vulnerability, which carries a CVSS severity score of 9.8 out of 10, allows an unauthenticated, malicious actor…
Ransomware Halts Operations at Japan’s Port of Nagoya
Cargo containers filled with imports and exports from all over the world have been stuck at the Port of Nagoya following a ransomware attack on its networks early Tuesday morning. The port is the largest in Japan and the central shipping hub for international carmaker Toyota. According to its operator, Nagoya Harbor Transportation, it received…
Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier
Taiwan Semiconductor Manufacturing Company (TSMC) — one of Apple’s biggest semiconductor suppliers — on Friday blamed a third-party IT hardware supplier for a data breach that has exposed the company to a $70 million ransom demand from the LockBit ransomware group. In an emailed statement to Dark Reading, TSMC confirmed multiple reports about the security…
Cisco launches new network, security, and observability solutions and previews generative AI capabilities for Webex and Security Cloud
Cisco’s innovative technologies help connect the dots of its network- and cloud-based ecosystem. A tremendous number of enterprises and service providers view Cisco as the nexus of their network, security, and cloud operations. At the company’s Cisco Live customer and partner conference in June, Cisco boldly connected the dots of a network- and cloud-based ecosystem…
Critical flaw in VMware Aria Operations for Networks sees mass exploitation
Researchers warn that a vulnerability patched this month in VMware Aria Operations for Networks, formerly known as vRealize Network Insight, is now seeing exploitation en masse. The flaw allows for remote code execution through command injection and is rated with critical severity. “New data from Akamai shows the scale of active scanning for sites vulnerable…
Public exploit is now available for Cisco AnyConnect VPN client
An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it. Cisco Secure Client for Windows, previously known…
Experts found components of a complex toolkit employed in macOS attacks
Bitdefender researchers discovered a set of malicious files with backdoor capabilities that are suspected to be part of a sophisticated toolkit designed to target Apple macOS systems. The investigation is still ongoing, the experts pointed out that the samples are still largely undetected. The researchers analyzed a total of four samples that were uploaded to…
Security LeadHER Wraps Groundbreaking Inaugural Conference for Women in Security
ASIS International and the Security Industry Association (SIA) closed out the inaugural Security LeadHER conference this week, celebrating a successful and groundbreaking first event held June 12-13 in Nashville, Tennessee. The event was dedicated to advancing, connecting and empowering women in the security profession. Approximately 300 current and future “LeadHERs” and attendees of all backgrounds…
