July 2, 2024 at 05:18AM Cisco has released patches for a zero-day vulnerability, CVE-2024-20399, in its NX-OS software. The medium-severity flaw allows local attackers to execute arbitrary commands with root privileges. Exploited by a China-linked cyberespionage group, the bug impacts various Cisco switch series. Cybersecurity firm Sygnia discovered and reported the vulnerability and advises updating … Read more
January 31, 2024 at 12:52PM Security researchers suspect the Akira ransomware group may be using a four-year-old Cisco vulnerability as an entry point into organizations’ systems. TrueSec’s recent engagements revealed Akira exploiting Cisco’s AnyConnect SSL VPN vulnerability, potentially allowing access to usernames and passwords. Organizations are advised to apply patches, reset passwords, and consider implementing … Read more
January 25, 2024 at 11:48AM Cisco announced security updates to address a critical-severity vulnerability (CVE-2024-20253, CVSS 9.9) affecting multiple Unified Communications and Contact Center Solutions products. The flaw could allow attackers to execute arbitrary commands with system privileges. Cisco advises immediate patching and mitigation using access control lists. Medium-severity flaws in Business 250/350 series switches … Read more
January 11, 2024 at 10:16AM NCSC-FI warns of increased Akira ransomware attacks in December, targeting Finnish companies and wiping backups. The attacks exploited a vulnerability in Cisco VPNs, allowing unauthorized access to networks. The agency advises switching to offline backups and updating Cisco ASA and FTD to prevent further attacks. They emphasize the need for … Read more
October 17, 2023 at 03:19PM Thousands of Internet exposed Cisco IOS XE devices have been infected by a threat actor exploiting an unpatched vulnerability. Cisco has disclosed the flaw, which allows arbitrary code execution, with a severity rating of 10 out of 10. The attacks have a global footprint and the compromised systems all have … Read more
October 17, 2023 at 01:03AM Cisco has issued a warning about a critical security flaw in its IOS XE software that is being actively exploited. The vulnerability, assigned as CVE-2023-20198, allows remote attackers to create an account with high-level access and gain control of affected systems. The flaw only affects enterprise networking gear with the … Read more
October 16, 2023 at 04:52PM Cisco has disclosed a critical zero-day vulnerability in the Web User Interface of its IOS XE operating system. The flaw, assigned as CVE-2023-20198, affects all Cisco IOS XE devices with the Web UI feature enabled and allows attackers to create an account with complete device control. Cisco advises customers to … Read more