Cisco News, Articles and Updates

Cisco patches vulnerability in WebEx

A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.

Hackers using flaw in Cisco switches to attack

US Homeland Security warned Russian state actors behind attacks on US energy grid. Security researchers have warned that hackers are using badly-configured Cisco switches to gain entry into the infrastructure of organisations.

Talos details vulnerabilities in Allen-Bradley Programmable Controllers

Cisco Talos has detailed several vulnerabilities found in four Rockwell Automation Allen-Bradley MicroLogix 1400 Programmable Logic Controllers that are used in conjunction with industrial control systems.

Common-sense GoScanSSH author avoids infecting high-risk targets

Researchers at Cisco's Talos Intelligence Group have identified a new malware family, dubbed GoScanSSH, that compromises SSH servers. Well, those not attached to government, law enforcement or military domains anyway. Note: SC Media UK will not be publishing during UK Easter holidays, resuming 2nd April 2018.

Adobe ReaderDC arbitrary code execution vulnerability found

Cisco Talos has made public a new vulnerability in Adobe ReaderDC that if exploited can lead to arbitrary code execution.

Cryptocurrency mining crimeblotter, Apache CouchDB & other vulnerabilities

The amount of illegal cryptocurrency mining that is now taking place makes keeping track a difficult task, but here is a quick roundup of what was has been spotted over the last few days.

2018 Winter Olympics hit with destroyer malware during opening ceremony

Warnings that the 2018 Winter Olympic Games would be the target for hackers came true almost immediately as the Pyeongchang computer system was hit with a "destroyer" cyber-attack knocking its website and other services offline.

Cisco updates router firmware to prevent remote code execution, DoS attacks

Cisco Systems on Wednesday issued 20 security updates, notably patching a critical vulnerability in two router products that could resulted in remote code execution or a denial of service condition.

Cisco takes a second crack at fixing critical ASA bug

Cisco Systems on Monday released a second fix for a critical vulnerability in the XML parser of its Adaptive Security Appliance (ASA) after finding additional attack vendors and learning that its previous repair job was insufficient.

Cisco update eliminates DoS vulnerability in Aggregation Services Router OS

Cisco Systems on Wednesday issued a security update that fixes a high-severity denial of service vulnerability in release version 5.3.4 of its IOS XR Software for the Aggregation Services Router (ASR) 9000 Series.

Cisco warns of a critical vulnerability in its SSL VPN solution

Hackers could run code on VPN box. Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), one of the most widely-deployed SSL VPNs on the market.

Cisco patches ASA software flaw allowing VPN hacks

Cisco's latest security update patches an Adaptive Security Appliance (ASA) software vulnerability that could allow an attacker to gain complete control of an affected system.

US National Cyber Security Alliance Data Privacy Day

In the US the National Cyber Security Alliance's Data Privacy Day kick off event took place on 25 January, three days before the actual event yesterday, and featured several events including a conference that was livestreamed.

74% of privacy-immature organisations hit by losses of more than £350,000

Many organisations have been investing in resources and processes to meet GDPR standards ahead of the May deadline according to Cisco's first Privacy Maturity Benchmark Study.

Cisco security updates nix high-impact DoS and privilege escalation bugs

Cisco Systems on Wednesday issued 26 security updates to fix an array of vulnerabilities, including high-impact bugs in its Unified Customer Voice Portal (CVP), its NX-OS Software, and its Email Security Appliance (ESA).

Blender 3D open source platform plagued with arbitrary code vulnerabilities

Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

Contestants launch nearly 39,000 attacks in Radware Hacker's Challenge

The first-ever US-based Radware Hacker's Challenge took place in NYC last week, daring pentesters, bug bounty hunters, and other security pros to launch attacks on a simulated network and website in a race against the clock.

Cisco patches multiple vulnerabilities in WebEx platforms

Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recoding Format Players to address vulnerabilities.

Cisco: Critical vulnerability in 12 types of Voice OS-based products

Cisco has patched a critical flaw in its Voice-OS which could allow an unauthenticated, remote hacker to gain elevated access to 12 types of its products.

Cisco patches remote code execution flaws in IOS and IOS XE

Cisco released a series of updates to address vulnerabilities affecting its IOS and IOS XE products one of which could have allowed remote code execution in both products.

ICYMI: Equation group, Hutzero, Cyber-security unemployment, CEO responsibility and Lord Blunkett

This week: Leaked NSA hacking tools go to work on Cisco customers, The first class of a new cyber-security school graduates, European CEOs no longer pass the buck on security, and Lord Blunkett opens a Cyber-Highway

NSA hacking tools used against Cisco customers

The Shadow Brokers' dump of NSA-linked hacking tools are now being used against Cisco customers

Extrabacon flaw isn't being patched quick enough by organisations

Cisco issues patch for Extrabacon vulnerability but thousands of routers at risk from exploit allegedly created by the NSA's Equation Group.

Cisco reportedly shedding 20% of its workforce

The world's biggest networking equipment company, Cisco Systems, will layoff about 14,000 employees.

'Wizz' kids: Talos researchers pinpoint French firm as source of spyware-adware threat

A supposedly legitimate French software firm, Tuto4PC, has actually infected an estimated 12 million PC users with a generic Trojan disguised as downloadable utilities programmes, according to an analysis from Cisco's Talos research division.

ICYMI: Facebook flaw; Verizon report; 5 Cisco alerts; TalkTalk arrest; Crime up

The latest In Case You Missed It (ICYMI) looks at Facebook backdoor; Verizon findings; Cisco vulnerabilities; 6th TalkTalk arrest; cyber-crime rampant

Cisco flags five product vulnerabilities that could trigger denial of service

Cisco issued five security alerts last week, issuing software updates to patch a series of vulnerabilities, any of which could potentially trigger a denial of service condition.

Cisco patches critical vulnerability in Nexus devices

Cisco Wednesday warned users of a critical vulnerability in Nexus 3000 and 3500 series switches.

FIC 2016: Is security the main challenge of the Internet of Everything?

Christophe Jolly of Cisco France took the stage at FIC 2016 to outline the fundamental security problems in the looming "internet of everything".