Tag: cisco
-
Cisco Patches 10 Vulnerabilities in IOS XR
Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs. The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-patches-10-vulnerabilities-in-ios-xr/
-
EU’s Digital Transformation Push Includes Training for 1.5 Million
Cisco has set an ambitious goal to train 1.5 million people across the European Union in digital skills by 2030. This Cisco Networking Academy initiative, which focuses on areas such as Artificial Intelligence (AI), cybersecurity, and data science, was unveiled at the European Commission’s Employment and Social Rights Forum in Brussels. The move aligns with…
-
Stealthy Attacks Exploiting PHP-CGI Vulnerability Target Japanese Organizations
A sophisticated cyberattack campaign targeting organizations across multiple industries in Japan has been uncovered by Cisco Talos. Active First seen on securityonline.info Jump to article: securityonline.info/stealthy-attacks-exploiting-php-cgi-vulnerability-target-japanese-organizations/
-
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.”The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in a…
-
Fueling the Fight Against Identity Attacks
Tags: access, attack, business, cisco, cloud, conference, corporate, cyber, cybersecurity, exploit, identity, microsoft, open-source, penetration-testing, risk, service, software, technology, threat, tool, updateWhen we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary tradecraft, constantly innovating in research and tooling. We aspired to set the cadence of the cyber security industry through a commitment to benefit our entire security community. Today, I am thrilled to announce that…
-
Cisco Webex for BroadWorks Flaw Opens Door for Attackers to Access Credentials
Tags: access, cisco, communications, credentials, cyber, data, flaw, software, vulnerability, windowsCisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform that could allow attackers to intercept sensitive credentials and user data under specific configurations. The flaw, tracked asCSCwo20742and classified as a low-severity issue, impacts organizations usingRelease 45.2of the software in Windows-based environments, prompting Cisco to release configuration-based fixes and recommend…
-
Cisco warns of Webex for BroadWorks flaw exposing credentials
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials/
-
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
CISA has added five more CVEs into its known exploited vulnerabilities catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-govt-patch-exploited-cisco/
-
7 key trends defining the cybersecurity market today
Tags: access, ai, attack, cisco, ciso, cloud, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, endpoint, fortinet, gartner, google, governance, group, ibm, intelligence, microsoft, ml, network, okta, resilience, risk, service, siem, startup, strategy, technology, threat, tool, vulnerability, zero-trustMarket leaders are gaining share: The cybersecurity market has a dizzying number of single-product vendors, but a handful of powerful platform providers have risen above the pack and are gaining market share.According to research firm Canalys, the top 12 vendors benefited the most from customers taking early steps to transition to platforms. Collectively, they accounted…
-
Newly Exploited Vulnerabilities Target Cisco, Microsoft, and More CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities that have been actively exploited in the wild. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/new-known-exploited-vulnerabilities-to-catalog/
-
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited”, CISA Sounds Alarm
Tags: cisa, cisco, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, software, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2023-20118 (CVSS score: 6.5) – A command injection First seen…
-
CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw
Tags: business, cisa, cisco, cyber, cybersecurity, exploit, flaw, infrastructure, injection, router, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3, 2025, about actively exploiting a critical command injection vulnerability (CVE-2023-20118) affecting end-of-life Cisco Small Business RV Series Routers. The flaw, which carries a CVSSv3.1 score of 6.5, enables authenticated attackers to execute arbitrary commands with root privileges, potentially compromising entire…
-
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
Tags: business, cisa, cisco, cybersecurity, exploit, infrastructure, kev, microsoft, router, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Goldflaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions for…
-
CISA tags Windows, Cisco vulnerabilities as actively exploited
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-windows-and-cisco-vulnerabilities-as-actively-exploited/
-
Cisco’s SnapAttack Deal Expands Splunk’s Capabilities
The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisco-snapattack-deal-expands-splunk-capabilities
-
Cisco Infuses Security into Networking with New Nexus Smart Switch and Hypershield Integration
At Cisco Live EMEA 2025 in Amsterdam this month, Cisco unveiled the Nexus Smart Switch and Hypershield integration, a two-in-one solution that it says addresses the mounting security management pains amid sweeping artificial intelligence (AI) adoption in data centers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/cisco-infuses-security-into-networking-with-new-nexus-smart-switch-and-hypershield-integration/
-
Cisco fixed command injection and DoS flaws in Nexus switches
Cisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches. Cisco released security updates to address command injection and DoS vulnerabilities in Nexus switches, including a high-severity flaw. The most severe issue, tracked as CVE-2025-20111 (CVSS Score of 7.4), resides in the health monitoring diagnostics of Cisco Nexus 3000 Series…
-
Black Basta ransomware leak sheds light on targets, tactics
VulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619641/Black-Basta-ransomware-leak-sheds-light-on-targets-tactics
-
Attackers exploiting Cisco vulnerabilities tied to Salt Typhoon campaign
GreyNoise observed exploitation of CVE-2018-0171, which Cisco Talos researchers said was used in a recent attack by the China-backed threat group. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/attackers-exploiting-cisco-vulnerabilities-tied-to-salt-typhoon-campaign/740859/
-
Hackers Exploiting Cisco Small Business Routers RCE Vulnerability Deploying Webshell
Tags: backdoor, business, cisco, cve, cyber, cybercrime, exploit, flaw, hacker, rce, remote-code-execution, router, vulnerabilityA critical remote code execution (RCE) vulnerability, CVE-2023-20118, affecting Cisco Small Business Routers, has become a focal point for cybercriminals deploying webshells and advanced backdoor payloads. The vulnerability, caused by improper input validation in the routers’ web-based management interface, allows unauthenticated attackers to execute arbitrary commands by sending specially crafted HTTP requests. This flaw has…
-
Talos: No Cisco Zero Days Used in Salt Typhoon Telecom Hacks
Tags: breach, china, cisco, credentials, cyberespionage, hacker, login, threat, vulnerability, zero-dayChinese Nation-State Hackers Used a Custom Utility to Capture Packets. Chinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco’s threat analysis unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/talos-no-cisco-zero-days-used-in-salt-typhoon-telecom-hacks-a-27576
-
Strategic? Functional? Tactical? Which type of CISO are you?
Tags: breach, business, ceo, cisco, ciso, cloud, compliance, cybersecurity, finance, governance, group, guide, healthcare, infrastructure, jobs, risk, service, skills, startup, strategy, technology, trainingTransformational, as in program-builders or turnaround agents.Operational, often early-career CISOs who are closer to the technology and work at small-to-midsize companies where they still perform some technical duties.Compliance, that is, risk experts typically found in highly regulated industries.Steady-state CISOs, who, in opposition to the transformational type, keep everything on an even keel.Customer-facing CISOs, usually found…
-
Salt Typhoon exploited 2018 Cisco bug to infiltrate US telecoms
First seen on scworld.com Jump to article: www.scworld.com/news/salt-typhoon-exploited-2018-cisco-bug-to-infiltrate-us-telecoms
-
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cisco-salt-typhoon-exploitation-telecom
-
Talos: No Cisco Zero Days Used in Salt Typhon Telecom Hacks
Tags: breach, china, cisco, credentials, cyberespionage, cybersecurity, hacker, login, vulnerability, zero-dayChinese Nation-State Hackers Used a Custom Utility to Capture Packets. Chinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco’s cybersecurity unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/talos-no-cisco-zero-days-used-in-salt-typhon-telecom-hacks-a-27576
-
Salt Typhoon used new custom malware in telecom attacks
The China-backed hackers used compromised credentials to gain initial access to Cisco devices. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisco-salt-typhoon-used-new-custom-malware-in-telecom-attacks/740629/
-
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics
Cisco Talos observed Chinese hackers pivoting from a compromised device operated by one telecom to target a device in another telecom. The post Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-details-salt-typhoon-network-hopping-credential-theft-tactics/
-
Salt Typhoon Exploited Cisco Devices With Custom Tool to Spy on US Telcos
Chinese threat actor Salt Typhoon used JumbledPath, a custom-built utility, to gain access to a remote Cisco device, said the network provider First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/salt-typhoon-cisco-custom-tool/