Tag: cisco
-
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’ actions.That’s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim’s security and privacy.”The features available in CSS allow attackers and spammers…
-
Adobe Acrobat Vulnerabilities Enable Remote Code Execution
A recent disclosure by Cisco Talos’ Vulnerability Discovery & Research team highlighted several vulnerability issues in Adobe Acrobat. All of these vulnerabilities have been addressed by their respective vendors, aligning with Cisco’s third-party vulnerability disclosure policy. For detection of these vulnerabilities, users can utilize the latest Snort rule sets available from Snort.org and refer to…
-
Security Affairs newsletter Round 515 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New MassJacker clipper targets pirated software seekers Cisco IOS XR flaw allows attackers to crash BGP process on…
-
Cisco IOS XR flaw allows attackers to crash BGP process on routers
Cisco addressed a denial of service (DoS) vulnerability that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers. Cisco has addressed a denial of service (DoS) vulnerability, tracked as CVE-2025-20115, that could allow an unauthenticated, remote attacker to crash the Border Gateway Protocol (BGP) process on IOS XR routers by sending a single BGP…
-
Will Cisco’s Free Tech Training for 1.5M People Help Close EU’s Skills Gap?
Cisco’s training through its Networking Academy will help “build a resilient and skilled workforce ready to meet Europe’s digital transformation and AI objectives.” First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-skills-tech-training-european-union/
-
Tech giants seek data standards amid AI push
Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/
-
Tech industry alliance rallies around data quality
Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Cisco Warns of Critical IOS XR Vulnerability Enabling DoS Attacks
Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks. The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation. The CVE-2025-20115 vulnerability affects the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software, potentially allowing…
-
Miniaudio and Adobe Acrobat Reader vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/miniaudio-and-adobe-acrobat-reader-vulnerabilities/
-
Cisco Patches 10 Vulnerabilities in IOS XR
Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs. The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-patches-10-vulnerabilities-in-ios-xr/
-
EU’s Digital Transformation Push Includes Training for 1.5 Million
Cisco has set an ambitious goal to train 1.5 million people across the European Union in digital skills by 2030. This Cisco Networking Academy initiative, which focuses on areas such as Artificial Intelligence (AI), cybersecurity, and data science, was unveiled at the European Commission’s Employment and Social Rights Forum in Brussels. The move aligns with…
-
Stealthy Attacks Exploiting PHP-CGI Vulnerability Target Japanese Organizations
A sophisticated cyberattack campaign targeting organizations across multiple industries in Japan has been uncovered by Cisco Talos. Active First seen on securityonline.info Jump to article: securityonline.info/stealthy-attacks-exploiting-php-cgi-vulnerability-target-japanese-organizations/
-
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.”The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in a…
-
Fueling the Fight Against Identity Attacks
Tags: access, attack, business, cisco, cloud, conference, corporate, cyber, cybersecurity, exploit, identity, microsoft, open-source, penetration-testing, risk, service, software, technology, threat, tool, updateWhen we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary tradecraft, constantly innovating in research and tooling. We aspired to set the cadence of the cyber security industry through a commitment to benefit our entire security community. Today, I am thrilled to announce that…
-
Cisco Webex for BroadWorks Flaw Opens Door for Attackers to Access Credentials
Tags: access, cisco, communications, credentials, cyber, data, flaw, software, vulnerability, windowsCisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform that could allow attackers to intercept sensitive credentials and user data under specific configurations. The flaw, tracked asCSCwo20742and classified as a low-severity issue, impacts organizations usingRelease 45.2of the software in Windows-based environments, prompting Cisco to release configuration-based fixes and recommend…
-
Cisco warns of Webex for BroadWorks flaw exposing credentials
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials/
-
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
CISA has added five more CVEs into its known exploited vulnerabilities catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-govt-patch-exploited-cisco/
-
7 key trends defining the cybersecurity market today
Tags: access, ai, attack, cisco, ciso, cloud, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, endpoint, fortinet, gartner, google, governance, group, ibm, intelligence, microsoft, ml, network, okta, resilience, risk, service, siem, startup, strategy, technology, threat, tool, vulnerability, zero-trustMarket leaders are gaining share: The cybersecurity market has a dizzying number of single-product vendors, but a handful of powerful platform providers have risen above the pack and are gaining market share.According to research firm Canalys, the top 12 vendors benefited the most from customers taking early steps to transition to platforms. Collectively, they accounted…
-
Newly Exploited Vulnerabilities Target Cisco, Microsoft, and More CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities that have been actively exploited in the wild. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/new-known-exploited-vulnerabilities-to-catalog/
-
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited”, CISA Sounds Alarm
Tags: cisa, cisco, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, software, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2023-20118 (CVSS score: 6.5) – A command injection First seen…
-
CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw
Tags: business, cisa, cisco, cyber, cybersecurity, exploit, flaw, infrastructure, injection, router, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3, 2025, about actively exploiting a critical command injection vulnerability (CVE-2023-20118) affecting end-of-life Cisco Small Business RV Series Routers. The flaw, which carries a CVSSv3.1 score of 6.5, enables authenticated attackers to execute arbitrary commands with root privileges, potentially compromising entire…
-
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
Tags: business, cisa, cisco, cybersecurity, exploit, infrastructure, kev, microsoft, router, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Goldflaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions for…
-
CISA tags Windows, Cisco vulnerabilities as actively exploited
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-windows-and-cisco-vulnerabilities-as-actively-exploited/
-
Cisco’s SnapAttack Deal Expands Splunk’s Capabilities
The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisco-snapattack-deal-expands-splunk-capabilities
-
Cisco Infuses Security into Networking with New Nexus Smart Switch and Hypershield Integration
At Cisco Live EMEA 2025 in Amsterdam this month, Cisco unveiled the Nexus Smart Switch and Hypershield integration, a two-in-one solution that it says addresses the mounting security management pains amid sweeping artificial intelligence (AI) adoption in data centers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/cisco-infuses-security-into-networking-with-new-nexus-smart-switch-and-hypershield-integration/
-
Cisco fixed command injection and DoS flaws in Nexus switches
Cisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches. Cisco released security updates to address command injection and DoS vulnerabilities in Nexus switches, including a high-severity flaw. The most severe issue, tracked as CVE-2025-20111 (CVSS Score of 7.4), resides in the health monitoring diagnostics of Cisco Nexus 3000 Series…
-
Black Basta ransomware leak sheds light on targets, tactics
VulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619641/Black-Basta-ransomware-leak-sheds-light-on-targets-tactics