April 5, 2024 at 11:54AM Cisco issued a warning about a cross-site scripting (XSS) vulnerability in end-of-life RV series small business routers, impacting discontinued models RV016, RV042, RV042G, RV082, RV320, and RV325. The flaw, CVE-2024-20362, is remotely exploitable and lacks a workaround. Cisco also announced other vulnerability patches, including a high-severity defect in Nexus Dashboard … Read more
March 8, 2024 at 03:45AM Cisco has addressed a high-severity security flaw in its Secure Client software, known as CVE-2024-20337, which could be exploited for a VPN session with a targeted user. A successful exploit could permit an attacker to execute arbitrary script code in the browser. Another high-severity flaw in Secure Client for Linux, … Read more
March 4, 2024 at 12:54PM The German Ministry of Defense has confirmed the authenticity of leaked recordings of high-ranking officials discussing Ukraine’s war efforts. The call was hosted on Cisco’s WebEx platform and possibly intercepted by a Russian agent. Discussions reveal potential support for Ukraine, including supplying Taurus missiles. Russia has used the leak to … Read more
February 16, 2024 at 11:39AM The U.S. CISA added a now-patched security flaw in Cisco software to its Known Exploited Vulnerabilities catalog due to likely exploitation in Akira ransomware attacks. The flaw, CVE-2020-3259, allows attackers to retrieve device memory contents. Federal agencies must fix vulnerabilities by March 7, 2024. Ransomware is a growing problem, attracting … Read more
February 16, 2024 at 06:57AM The US security agency CISA has added CVE-2020-3259, a vulnerability affecting Cisco ASA and FTD products, to its Known Exploited Vulnerabilities catalog. It allows remote attackers to access sensitive information. CISA urges organizations to address it promptly after evidence suggesting exploitation by the Akira ransomware group emerged. Cisco is advised … Read more
October 24, 2023 at 03:03PM Rockwell Automation has issued a warning to customers that its Stratix industrial switches are vulnerable to an actively exploited Cisco IOS XE zero-day vulnerability. Hackers have been taking advantage of this vulnerability to create high-privileged accounts and gain complete control of affected devices. Rockwell has confirmed that its Stratix 5800 … Read more
October 22, 2023 at 01:42PM The number of Cisco IOS XE devices hacked with a malicious backdoor implant has dramatically decreased from over 50,000 to only a few hundred. It is unclear why this decline has occurred, with researchers speculating that the threat actors may have deployed an update to hide their presence or a … Read more
October 21, 2023 at 12:33AM Cisco has alerted users to a zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor. The flaw, tracked as CVE-2023-20273, allows for privilege escalation and the deployment of a malicious implant. Cisco has identified a fix and recommends disabling the HTTP server feature until … Read more
October 17, 2023 at 07:12AM Cisco has issued a warning about a zero-day vulnerability, CVE-2023-20198, affecting its IOS XE software. The vulnerability allows remote attackers to gain privileged access and take control of devices, potentially modifying network routing rules and exfiltrating data. Cisco has observed active exploitation of the vulnerability and is working on a … Read more
October 16, 2023 at 11:52AM Cisco has warned administrators about a severe zero-day vulnerability in its IOS XE Software that allows attackers to gain full control of affected routers. The vulnerability, identified as CVE-2023-20198, only affects devices with the Web User Interface feature enabled and the HTTP or HTTPS Server feature toggled on. Cisco advises … Read more