Tag: cisco
-
Cisco Smart Licensing Utility flaws actively exploited in the wild
Experts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility. Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Attackers can exploit the backdoor to access sensitive log files. While no active exploitation was initially observed, the…
-
CVE-2024-20439: Critical Cisco Smart Licensing Flaws Exploited
Two Critical Vulnerabilities Expose Administrative Access. Two now-patched but previously critical vulnerabilities in Cisco Smart Licensing Utility are being actively exploited in the wild, according to reports from the SANS Internet Storm Center. These flaws affect versions 2.0.0, 2.1.0, and… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-20439-cisco-smart-licensing-flaws/
-
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below – CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to…
-
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-smart-licensing-utility-flaws-now-exploited-in-attacks/
-
Cisco Smart Licensing Utility flaws under attack
The SANS Internet Storm Center reported exploitation attempts against two critical vulnerabilities, which were initially disclosed in September. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisco-smart-licensing-utility-flaws-attacked/743064/
-
Taiwan critical infrastructure targeted by hackers with possible ties to Volt Typhoon
Researchers at Cisco Talos identified a hacking operation against Taiwan that appears to overlap with Chinese state-backed campaigns known as Volt Typhoon and Flax Typhoon. First seen on therecord.media Jump to article: therecord.media/taiwan-critical-infrastructure-hacking-uat-5918
-
Cisco Smart Licensing Utility Vulnerabilities Under Hacker Exploitation
Recent reports indicate that hackers are actively trying to exploit two critical vulnerabilities in the Cisco Smart Licensing Utility. These vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, were disclosed by Cisco in September. The first vulnerability involves a static credential issue, while the second is an information disclosure vulnerability related to excessive logging. Overview of the…
-
Hackers Target Cisco Smart Licensing Utility Vulnerabilities
SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440. The post Hackers Target Cisco Smart Licensing Utility Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hackers-target-cisco-smart-licensing-utility-vulnerabilities/
-
Attackers use CSS to create evasive phishing messages
Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users’ actions and preferences. Cisco Talos observed threat actors abusing Cascading Style Sheets (CSS) to evade detection and track user behavior, raising security and privacy concerns, including potential fingerprinting. Cascading Style Sheets (CSS) is a stylesheet language used to…
-
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’ actions. That’s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim’s security and privacy. “The features available in CSS allow attackers and spammers…
-
Adobe Acrobat Vulnerabilities Enable Remote Code Execution
A recent disclosure by Cisco Talos’ Vulnerability Discovery & Research team highlighted several vulnerability issues in Adobe Acrobat. All of these vulnerabilities have been addressed by their respective vendors, aligning with Cisco’s third-party vulnerability disclosure policy. For detection of these vulnerabilities, users can utilize the latest Snort rule sets available from Snort.org and refer to…
-
Security Affairs newsletter Round 515 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New MassJacker clipper targets pirated software seekers Cisco IOS XR flaw allows attackers to crash BGP process on…
-
Cisco IOS XR flaw allows attackers to crash BGP process on routers
Cisco addressed a denial of service (DoS) vulnerability that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers. Cisco has addressed a denial of service (DoS) vulnerability, tracked as CVE-2025-20115, that could allow an unauthenticated, remote attacker to crash the Border Gateway Protocol (BGP) process on IOS XR routers by sending a single BGP…
-
Will Cisco’s Free Tech Training for 1.5M People Help Close EU’s Skills Gap?
Cisco’s training through its Networking Academy will help “build a resilient and skilled workforce ready to meet Europe’s digital transformation and AI objectives.” First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-skills-tech-training-european-union/
-
Tech giants seek data standards amid AI push
Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/
-
Tech industry alliance rallies around data quality
Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-data-quality-ibm-microsoft-red-hat-cisco/742581/
-
Cisco Warns of Critical IOS XR Vulnerability Enabling DoS Attacks
Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks. The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation. The CVE-2025-20115 vulnerability affects the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software, potentially allowing…
-
Miniaudio and Adobe Acrobat Reader vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/miniaudio-and-adobe-acrobat-reader-vulnerabilities/
-
Cisco Patches 10 Vulnerabilities in IOS XR
Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs. The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-patches-10-vulnerabilities-in-ios-xr/
-
EU’s Digital Transformation Push Includes Training for 1.5 Million
Cisco has set an ambitious goal to train 1.5 million people across the European Union in digital skills by 2030. This Cisco Networking Academy initiative, which focuses on areas such as Artificial Intelligence (AI), cybersecurity, and data science, was unveiled at the European Commission’s Employment and Social Rights Forum in Brussels. The move aligns with…
-
Stealthy Attacks Exploiting PHP-CGI Vulnerability Target Japanese Organizations
A sophisticated cyberattack campaign targeting organizations across multiple industries in Japan has been uncovered by Cisco Talos. Active First seen on securityonline.info Jump to article: securityonline.info/stealthy-attacks-exploiting-php-cgi-vulnerability-target-japanese-organizations/
-
PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors
Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. “The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in a…
-
Fueling the Fight Against Identity Attacks
Tags: access, attack, business, cisco, cloud, conference, corporate, cyber, cybersecurity, exploit, identity, microsoft, open-source, penetration-testing, risk, service, software, technology, threat, tool, update
When we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary tradecraft, constantly innovating in research and tooling. We aspired to set the cadence of the cyber security industry through a commitment to benefit our entire security community. Today, I am thrilled to announce that…
-
Cisco Webex for BroadWorks Flaw Opens Door for Attackers to Access Credentials
Tags: access, cisco, communications, credentials, cyber, data, flaw, software, vulnerability, windows
Cisco Systems has disclosed a security vulnerability in its Webex for BroadWorks unified communications platform that could allow attackers to intercept sensitive credentials and user data under specific configurations. The flaw, tracked as CSCwo20742 and classified as a low-severity issue, impacts organizations using Release 45.2 of the software in Windows-based environments, prompting Cisco to release configuration-based fixes and recommend…
-
Cisco warns of Webex for BroadWorks flaw exposing credentials
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials/
-
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
CISA has added five more CVEs into its known exploited vulnerabilities catalog. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-govt-patch-exploited-cisco/
-
7 key trends defining the cybersecurity market today
Tags: access, ai, attack, cisco, ciso, cloud, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, endpoint, fortinet, gartner, google, governance, group, ibm, intelligence, microsoft, ml, network, okta, resilience, risk, service, siem, startup, strategy, technology, threat, tool, vulnerability, zero-trust
Market leaders are gaining share: The cybersecurity market has a dizzying number of single-product vendors, but a handful of powerful platform providers have risen above the pack and are gaining market share. According to research firm Canalys, the top 12 vendors benefited the most from customers taking early steps to transition to platforms. Collectively, they accounted…