Tag: communications
-
Cisco warns of another critical RCE flaw in ISE, urges immediate patching
Tags: access, ai, api, breach, cisco, communications, credentials, endpoint, exploit, flaw, network, radius, rce, remote-code-execution, risk, update, vulnerability, wifiFaster patching is needed: Barr is concerned about the flaw in finding N-day abuse. “While it’s positive that Cisco is transparent in disclosure and swift in releasing patches, the reality is that patching these types of vulnerabilities, especially in large, distributed enterprise environments, is not instantaneous,” he said. “Restart requirements and dependencies on high-availability setups…
-
New QR Code Attacks Through PDFs Bypass Detection and Steal Credentials
Tags: attack, communications, credentials, cyber, detection, email, exploit, intelligence, phishing, qrResearchers at Cyble Research and Intelligence Labs (CRIL) have uncovered an ongoing quishing campaign dubbed >>Scanception,
-
Massive Data Leak at Texas Adoption Agency Exposes 1.1 Million Records
Texas adoption agency suffers major data leak, exposing over 1.1M sensitive records including case notes, contact info, and internal communications to public without any security authentication or password. First seen on hackread.com Jump to article: hackread.com/massive-data-leak-texas-adoption-agency-million-records/
-
FCC wants to ban Chinese tech from undersea cables
The Federal Communications Commission said Wednesday that the ban will be part of a broader package of policies to encourage an expansion of submarine telecommunications infrastructure while protecting it from “foreign adversary threats.” First seen on therecord.media Jump to article: therecord.media/fcc-plans-to-ban-chinese-tech-undersea-cables
-
Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network
China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units…
-
GTT Extends Palo Alto Networks Alliance to Add Managed SASE Service
GTT Communications extended its alliance with Palo Alto Networks to include an additional managed secure access service edge (SASE) offering. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/gtt-extends-palo-alto-networks-alliance-to-add-managed-sase-service/
-
Rubio Impersonator Signals Growing Security Threat From Deepfakes
An impostor who posed as the secretary of state in text and voice communications with diplomats and politicians demonstrates the increased sophistication of and national security threat posed by the AI technology. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rubio-impersonator-growing-security-threat-deepfakes
-
Kritische Schwachstelle in Cisco Unified CM entdeckt
Tags: bug, cisco, communications, cyberattack, exploit, infrastructure, rce, remote-code-execution, risk, vulnerabilityBereits zum zweiten Mal in einer Woche muss Cisco eine Schwachstelle mit höchsten Schweregrad melden.Cisco meldete kürzlich eine Schwachstelle mit höchster Schweregradbewertung (CVSS 10 von 10) in seinen Produkten Unified Communications Manager (Unified CM) und Session Management Edition (Unified CM SME). Die betroffenen Lösungen sind Kernkomponenten der TK-Infrastruktur und werden in Behörden, Finanzinstituten und großen…
-
Static Credentials Flaw Patched in Cisco Systems
Flaw Exposes Remote Privilege Escalation Risk. Cisco released urgent security updates to fix a critical vulnerability in Unified Communications Manager that could allow unauthenticated attackers gain root access to affected systems. The maximum-severity vulnerability allows unauthenticated remote attackers to log in using static credentials. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/static-credentials-flaw-patched-in-cisco-systems-a-28899
-
Protecting Your Business Communications: The Critical Role of Secure Email Gateways
Email is still the backbone of how businesses communicate, with more than 300 billion messages sent every day…. First seen on hackread.com Jump to article: hackread.com/protecting-business-communications-secure-email-gateway/
-
Cisco Unified CM Vulnerability Lets Remote Attacker Gain Root Access
A newly disclosed, critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME) has exposed organizations to the risk of full system compromise. Tracked as CVE-2025-20309 and assigned a maximum CVSS score of 10.0, the flaw allows unauthenticated remote attackers to gain root access using static, hardcoded SSH credentials that were inadvertently left in…
-
Cisco Issues Urgent Patch for Critical Unified CM Vulnerability (CVE-2025-20309)
Cisco has issued a new security advisory addressing a severe vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The flaw, now identified as CVE-2025-20309, carries the highest possible CVSS score of 10.0. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisco-patches-cve-2025-20309-vulnerability/
-
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.The vulnerability, tracked as CVE-2025-20309, carries a CVSS…
-
Cisco removed the backdoor account from its Unified Communications Manager
Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development. Cisco Unified Communications Manager (CUCM) is a call…
-
North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
Tags: communications, crypto, hacker, injection, korea, macOS, malware, north-korea, programming, threatThreat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics.”Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,” First seen…
-
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-removes-unified-cm-callManager-backdoor-root-account/
-
Ghost in the Machine: A Spy’s Digital Lifeline
Tags: access, ai, attack, authentication, best-practice, cloud, communications, control, country, crypto, cyber, data, encryption, endpoint, framework, government, Hardware, identity, infrastructure, intelligence, jobs, law, linux, mfa, military, network, resilience, risk, software, spy, strategy, technology, threat, tool, vpn, windows, zero-trust -
Glasgow City Warns of Parking Fine Scam Amid Ongoing Cybersecurity Incident
Glasgow City Council has issued an urgent alert to drivers across the region following a surge in scam text messages targeting unsuspecting motorists with fraudulent demands for parking fine payments. The authority has confirmed that these deceptive communications, often embedded with malicious links, are part of a sophisticated phishing campaign designed to steal personal and…
-
Mitel’s New Channel Strategy Targets Hybrid Communications Expansion
First seen on scworld.com Jump to article: www.scworld.com/news/mitels-new-channel-strategy-targets-hybrid-communications-expansion
-
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC
Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, wafroot user.The fault behind both vulnerabilities: Holes in application programming interfaces (APIs).”Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…
-
Successful Military Attacks are Driving Nation States to Cyber Options
Tags: attack, china, communications, computing, cyber, cyberattack, cybersecurity, data, defense, exploit, extortion, finance, fraud, government, healthcare, infrastructure, iran, korea, middle-east, military, north-korea, russia, service, tactics, technology, tool, ukraine, vulnerability, warfareWith daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy”Š”, “Šcyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.…
-
Telecom Giant Viasat Is Latest Salt Typhoon Victim
The communications company shared the discoveries of its investigation with government partners, but there is little information they can publicly disclose other than that there seems to be no impact to customers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/viasat-salt-typhoon-victim
-
China-linked group Salt Typhoon breached satellite firm Viasat
China-linked APT Typhoon has reportedly targeted satellite firm Viasat, the group has breached multiple telecom providers in the past. China-linked APT group Salt Typhoon hacked the satellite communications firm Viasat, the cyber-espionage group has previously breached the networks of multiple other telecom providers in the United States and globally. Viasat is a global communications company…
-
Telecom giant Viasat breached by China’s Salt Typhoon hackers
Satellite communications company Viasat is the latest victim of China’s Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/
-
Viasat Targeted in Cyberattack by Salt Typhoon APT Group
Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the Chinese state-sponsored group known as Salt Typhoon. The breach, which occurred during the 2024 U.S. presidential campaign, was discovered earlier this year and highlights the growing threat posed by advanced…
-
Russia detects first SuperCard malware attacks skimming bank data via NFC
Malware detected previously in Italy has popped up in Russia, researchers said. Attackers use it to access devices’ near field communications (NFC) and steal payment card data. First seen on therecord.media Jump to article: therecord.media/supercard-nfc-banking-malware-russia
-
New quantum system offers publicly verifiable randomness for secure communications
Tags: blockchain, communications, crypto, cyber, cybersecurity, docker, email, finance, government, Hardware, infrastructure, open-source, software, technology, threat, toolNature and detailed in an accompanying arXiv preprint, CURBy leverages the phenomenon of quantum entanglement, where particles maintain interconnected states regardless of distance, to create fundamentally unpredictable outputs.”From a security perspective, this approach offers something valuable the ability to independently verify that random numbers haven’t been compromised,” noted Narayan Gokhale, vice president at QKS Group.…