Tag: cisco
-
Cisco warns of max severity RCE flaws in Identity Services Engine
Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-rce-flaws-in-identity-services-engine/
-
Threat Actors Exploit ChatGPT, Cisco AnyConnect, Google Meet, and Teams in Attacks on SMBs
Threat actors are increasingly leveraging the trusted names of popular software and services like ChatGPT, Cisco AnyConnect, Google Meet, and Microsoft Teams to orchestrate sophisticated cyberattacks. According to a recent report by Kaspersky Lab, SMBs, often perceived as less fortified than larger enterprises, are prime targets for both opportunistic hackers and organized cybercrime groups. Rising…
-
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user.The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects…
-
Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands
Cisco has issued urgent security patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms. These flaws, which both carry the highest possible CVSS severity score of 10.0, could allow unauthenticated remote attackers to execute malicious commands as the root user, effectively taking complete control of affected…
-
Cisco fixed critical ISE flaws allowing Root-level remote code execution
Cisco released patches to address two critical vulnerabilities in ISE and ISE-PIC that could let remote attackers execute to code as root. Cisco addressed two critical vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow remote, unauthenticated attackers to execute arbitrary code with root…
-
Decrement by one to rule them all: AsIO3.sys driver exploitation
Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS’ AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/decrement-by-one-to-rule-them-all/
-
Oh! Canada Added to List of Nations Targeted in Salt Typhoon Telecom Spree
The Canadian Center for Cybersecurity has confirmed that the Chinese state-sponsored cyber-threat actor targeted one of its telecommunications companies in February via a Cisco flaw, as part of global attack wave. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/canada-targeted-salt-typhoon-telecom
-
Patch verschlafen: Hacker infiltrieren Telco-Provider über Cisco-Lücke von 2023
Ein kanadischer Provider hat einen von Cisco im Oktober 2023 bereitgestellten Patch nicht eingespielt und ist nun von chinesischen Hackern überrascht worden. First seen on golem.de Jump to article: www.golem.de/news/patch-seit-2023-verfuegbar-grosser-telco-provider-ueber-alte-cisco-luecke-infiltriert-2506-197393.html
-
Patch verschlafen: Großer Telco-Provider über Cisco-Lücke von 2023 attackiert
Ein kanadischer Provider hat einen von Cisco im Oktober 2023 bereitgestellten Patch nicht eingespielt und ist nun von chinesischen Hackern überrascht worden. First seen on golem.de Jump to article: www.golem.de/news/patch-seit-2023-verfuegbar-grosser-telco-provider-ueber-alte-cisco-luecke-infiltriert-2506-197393.html
-
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign.The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to…
-
Canadian telecom hacked by suspected China state group
Maximum-security Cisco vulnerability was patched Oct. 2023 and exploited Feb. 2025. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/06/suspected-china-state-hackers-exploited-patched-flaw-to-breach-canadian-telecom/
-
Cisco Security Channel Head Puts Focus on MSPs, AI
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-security-channel-head-puts-focus-on-msps-ai
-
Canada says Salt Typhoon hacked telecom firm via Cisco flaw
The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/canada-says-salt-typhoon-hacked-telecom-firm-via-cisco-flaw/
-
Cisco, Atlassian release high-severity flaw fixes
First seen on scworld.com Jump to article: www.scworld.com/brief/cisco-atlassian-release-high-severity-flaw-fixes
-
Zertifizierte Sicherheit für Cloud-Infrastrukturen – Cisco erhält BSI-C5-Testat
First seen on security-insider.de Jump to article: www.security-insider.de/cisco-erhaelt-bsi-c5-testat-a-8512c6244277ea1fe8a144f6cf32b32a/
-
The highest-paying jobs in cybersecurity today
Tags: access, ai, application-security, cisco, cloud, compliance, control, corporate, cybersecurity, data, defense, detection, firewall, governance, grc, hacker, identity, incident response, infrastructure, intelligence, jobs, network, penetration-testing, privacy, risk, risk-assessment, risk-management, skills, soc, threat, tool, training, vulnerability, vulnerability-managementSee “Top 12 cloud security certifications”See “CISSP certification: Requirements, training, exam, and cost”See “CCSP certification: Exam, cost, requirements, training, salary” Security engineer: After security architects, security engineers receive the second-highest annual cash compensation ($191,000), with a base salary of $168,000. Nearly a third (31%) of security engineers surveyed also received annual equity grants.Like their architect…
-
ASUS Armoury Crate Vulnerability Lets Hackers Gain System-Level Access on Windows
A critical vulnerability in ASUS’s popular Armoury Crate software has exposed millions of Windows users to the risk of system-level compromise, according to a recent disclosure by Cisco Talos and confirmed by ASUS. The flaw, tracked as CVE-2025-3464, allows attackers to bypass security controls and gain the highest level of privileges on affected systems, potentially…
-
Cisco 360 Expands Security Play for Partners
Tags: ciscoFirst seen on scworld.com Jump to article: www.scworld.com/brief/cisco-360-expands-security-play-for-partners
-
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/catdoc-zero-day-nvidia-high-logic-fontcreator-and-parallel-vulnerabilities/
-
Cisco warns of ISE cloud credential vulnerability
First seen on scworld.com Jump to article: www.scworld.com/brief/cisco-warns-of-ise-cloud-credential-vulnerability
-
Cisco Reimagines Infrastructure for the AI Era, From Core to Edge, Cloud to Endpoint
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-reimagines-infrastructure-for-the-ai-era-from-core-to-edge-cloud-to-endpoint
-
Red Sift Adds Brand Trust to Cisco Security Portfolio
Tags: ciscoFirst seen on scworld.com Jump to article: www.scworld.com/brief/red-sift-adds-brand-trust-to-cisco-security-portfolio
-
Unlock the Power of Plixer One: AI-Driven Network Data Analysis
Plixer is live from Cisco Live 2025 at the San Diego Convention Center, and they’re ready to showcase the future of AI-driven network visibility. Join Peter Silva as he catches up with Nils Werner for a behind-the-scenes look at what attendees can expect at Booth 1940. The Plixer One platform continues to evolve as a……
-
Russia-linked PathWiper malware hits Ukrainian infrastructure
Tags: apt, attack, backup, cisco, ciso, compliance, control, cyber, detection, endpoint, finance, fortinet, infrastructure, insurance, intelligence, malware, network, PurpleTeam, resilience, risk, russia, tactics, threat, tool, ukraine, vulnerability, zero-trustEchoes of past attacks: While PathWiper shares tactical similarities with HermeticWiper, its enhanced capabilities reveal a clear evolution in wiper malware sophistication. The new variant employs advanced techniques, such as querying registry keys to locate network drives and dismounting volumes to bypass protections, a stark contrast to HermeticWiper’s simpler approach of sequentially targeting drives numbered…
-
No Lollygagging: Cisco IOS XE Flaw With 10.0 Rating Should be Patched Now
Cisco IOS XE Flaw: The security experts are all in agreement that organizations should rush to fix the vulnerability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/no-lollygagging-cisco-ios-xe-flaw-with-10-0-rating-should-be-patched-now/
-
New PathWiper Malware Strikes Ukraine’s Critical Infrastructure
Cisco Talos discovers PathWiper, a destructive new malware targeting critical infrastructure in Ukraine, highlighting ongoing cyber threats amidst the Russia-Ukraine conflict. First seen on hackread.com Jump to article: hackread.com/pathwiper-malware-hit-ukraines-critical-infrastructure/
-
Russia-linked threat actors targets Ukraine with PathWiper wiper
A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console, then used it to…
-
Critical Cisco ISE Cloud Deployment Static Credential Vulnerability CVE-2025-20286
Summary On May 29, 2025, Cisco disclosed a critical vulnerability (CVE-2025-20286) affecting cloud deployments of Cisco Identity Services Engine (ISE) on AWS, Azure, and Oracle First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/06/06/critical-cisco-ise-cloud-deployment-static-credential-vulnerability-cve-2025-20286/