Tag: cisco
-
Cisco warns of ISE cloud credential vulnerability
First seen on scworld.com Jump to article: www.scworld.com/brief/cisco-warns-of-ise-cloud-credential-vulnerability
-
Cisco Reimagines Infrastructure for the AI Era, From Core to Edge, Cloud to Endpoint
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-reimagines-infrastructure-for-the-ai-era-from-core-to-edge-cloud-to-endpoint
-
Red Sift Adds Brand Trust to Cisco Security Portfolio
Tags: ciscoFirst seen on scworld.com Jump to article: www.scworld.com/brief/red-sift-adds-brand-trust-to-cisco-security-portfolio
-
Unlock the Power of Plixer One: AI-Driven Network Data Analysis
Plixer is live from Cisco Live 2025 at the San Diego Convention Center, and they’re ready to showcase the future of AI-driven network visibility. Join Peter Silva as he catches up with Nils Werner for a behind-the-scenes look at what attendees can expect at Booth 1940. The Plixer One platform continues to evolve as a……
-
Russia-linked PathWiper malware hits Ukrainian infrastructure
Tags: apt, attack, backup, cisco, ciso, compliance, control, cyber, detection, endpoint, finance, fortinet, infrastructure, insurance, intelligence, malware, network, PurpleTeam, resilience, risk, russia, tactics, threat, tool, ukraine, vulnerability, zero-trustEchoes of past attacks: While PathWiper shares tactical similarities with HermeticWiper, its enhanced capabilities reveal a clear evolution in wiper malware sophistication. The new variant employs advanced techniques, such as querying registry keys to locate network drives and dismounting volumes to bypass protections, a stark contrast to HermeticWiper’s simpler approach of sequentially targeting drives numbered…
-
No Lollygagging: Cisco IOS XE Flaw With 10.0 Rating Should be Patched Now
Cisco IOS XE Flaw: The security experts are all in agreement that organizations should rush to fix the vulnerability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/no-lollygagging-cisco-ios-xe-flaw-with-10-0-rating-should-be-patched-now/
-
New PathWiper Malware Strikes Ukraine’s Critical Infrastructure
Cisco Talos discovers PathWiper, a destructive new malware targeting critical infrastructure in Ukraine, highlighting ongoing cyber threats amidst the Russia-Ukraine conflict. First seen on hackread.com Jump to article: hackread.com/pathwiper-malware-hit-ukraines-critical-infrastructure/
-
Russia-linked threat actors targets Ukraine with PathWiper wiper
A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console, then used it to…
-
Critical Cisco ISE Cloud Deployment Static Credential Vulnerability CVE-2025-20286
Summary On May 29, 2025, Cisco disclosed a critical vulnerability (CVE-2025-20286) affecting cloud deployments of Cisco Identity Services Engine (ISE) on AWS, Azure, and Oracle First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/06/06/critical-cisco-ise-cloud-deployment-static-credential-vulnerability-cve-2025-20286/
-
Beware: Fake AI Business Tools Spreading Hidden Ransomware
As small businesses increasingly adopt artificial intelligence (AI) tools to streamline operations, cybercriminals are seizing the opportunity to deploy ransomware through deceptive campaigns. According to a recent report by Cisco Talos, attackers are masquerading as legitimate AI software providers, embedding malware within counterfeit applications that mimic popular services. With 98% of small businesses using at…
-
New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos.”The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper…
-
New pathWiper Malware Targets Critical Infrastructure to Deploy Admin Tools
Cisco Talos has uncovered a sophisticated and destructive cyberattack targeting a critical infrastructure entity in Ukraine, deploying a previously unknown wiper malware dubbed >>PathWiper.
-
‘PathWiper’ Attack Hits Critical Infrastructure In Ukraine
Cisco Talos researchers observed the new wiper malware in a destructive attack against an unnamed critical infrastructure organization. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/pathwiper-attack-critical-infrastructure-ukraine
-
Cisco patches Identity Services Engine flaw affecting AWS, Azure, OCI
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-patches-identity-services-engine-flaw-affecting-aws-azure-oci
-
Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud
The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-warns-critical-static-credential-vulnerability
-
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/pathwiper-targets-ukraine/
-
Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure
Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…
-
Critical Cisco Nexus Dashboard Vulnerability Lets Attackers Impersonate Managed Devices
Cisco has issued a high-severity security advisory (ID: cisco-sa-ndfc-shkv-snQJtjrp) regarding a critical SSH host key validation vulnerability in its Nexus Dashboard Fabric Controller (NDFC), tracked as CVE-2025-20163. The flaw, assigned a CVSS 3.1 base score of 8.7, could allow unauthenticated, remote attackers to impersonate Cisco NDFC-managed devices, posing significant risks to data center infrastructure. The…
-
Cisco Alerts Users to Critical ISE Vulnerability Exposing Sensitive Data
Cisco has issued a critical security advisory (Advisory ID: cisco-sa-ise-aws-static-cred-FPMjUcm7) for its Identity Services Engine (ISE) when deployed on major cloud platforms”, Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). The vulnerability, tracked as CVE-2025-20286 and classified under CWE-259 (Use of Hard-coded Password), carries a CVSS v3.1 base score of 9.9, indicating…
-
Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems.The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential…
-
VAST Data and Cisco Partner on Unified AI Infrastructure for Enterprises
First seen on scworld.com Jump to article: www.scworld.com/news/vast-data-and-cisco-partner-on-unified-ai-infrastructure-for-enterprises
-
Cisco warns of ISE and CCP flaws with public exploit code
Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-ise-and-ccp-flaws-with-public-exploit-code/
-
Cisco IOS XE bug rated 10.0: ‘Waiting is not an option,’ pros say
Tags: ciscoFirst seen on scworld.com Jump to article: www.scworld.com/news/cisco-ios-xe-bug-rated-100-waiting-is-not-an-option-pros-say
-
Cisco Wireless LAN Controllers under threat again after critical exploit details go public
A call for urgent patching: Cisco had patched the max severity flaw, CVSS 10 out of 10, in mid-May rollouts for customers with service contracts and through Cisco TAC for customers without service contracts.Researchers recommended promptly upgrading to the latest version of the affected software, as no other workaround is available. “For security teams, the…
-
Flaw in Cisco Wireless LAN Controller Raises Exploit Fears
Researchers in Proof of Concept Show Exploit Potential for Widely Used Software. Technical details for a recently patched maximum-severity vulnerability in Cisco IOS XE reveal how hackers can enable remote code execution if the flaw is exploited. The vulnerability is an arbitrary file upload triggered by a hardcoded JSON Web Token. First seen on govinfosecurity.com…
-
Exploitation Risk Grows for Critical Cisco Bug
New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploitation-risk-grows-critical-cisco-bug
-
Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188
Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC are now public, raising the risk of exploitation. In early May, Cisco released software updates to address the vulnerability CVE-2025-20188…
-
Exploit details for max severity Cisco IOS XE flaw now public
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-details-for-max-severity-cisco-ios-xe-flaw-now-public/
-
New ChatGPT Scam Infects Users With Ransomware: ‘Exercise Extreme Caution’
Cisco Talos identified three strains of malware that spoof AI tools, including ChatGPT. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-talos-fake-ai-installers/