Tag: cisco
-
Cisco warns of Webex for BroadWorks flaw exposing credentials
by
in SecurityNewsCisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials/
-
CISA Urges Government to Patch Exploited Cisco, Microsoft Flaws
by
in SecurityNewsCISA has added five more CVEs into its known exploited vulnerabilities catalog First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-govt-patch-exploited-cisco/
-
7 key trends defining the cybersecurity market today
by
in SecurityNews
Tags: access, ai, attack, cisco, ciso, cloud, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, endpoint, fortinet, gartner, google, governance, group, ibm, intelligence, microsoft, ml, network, okta, resilience, risk, service, siem, startup, strategy, technology, threat, tool, vulnerability, zero-trustMarket leaders are gaining share: The cybersecurity market has a dizzying number of single-product vendors, but a handful of powerful platform providers have risen above the pack and are gaining market share.According to research firm Canalys, the top 12 vendors benefited the most from customers taking early steps to transition to platforms. Collectively, they accounted…
-
Newly Exploited Vulnerabilities Target Cisco, Microsoft, and More CISA Warns
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities that have been actively exploited in the wild. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/new-known-exploited-vulnerabilities-to-catalog/
-
Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited”, CISA Sounds Alarm
by
in SecurityNews
Tags: cisa, cisco, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, software, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2023-20118 (CVSS score: 6.5) – A command injection First seen…
-
CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw
by
in SecurityNews
Tags: business, cisa, cisco, cyber, cybersecurity, exploit, flaw, infrastructure, injection, router, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3, 2025, about actively exploiting a critical command injection vulnerability (CVE-2023-20118) affecting end-of-life Cisco Small Business RV Series Routers. The flaw, which carries a CVSSv3.1 score of 6.5, enables authenticated attackers to execute arbitrary commands with root privileges, potentially compromising entire…
-
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: business, cisa, cisco, cybersecurity, exploit, infrastructure, kev, microsoft, router, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Goldflaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions for…
-
CISA tags Windows, Cisco vulnerabilities as actively exploited
by
in SecurityNewsCISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-windows-and-cisco-vulnerabilities-as-actively-exploited/
-
Cisco’s SnapAttack Deal Expands Splunk’s Capabilities
by
in SecurityNewsThe addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisco-snapattack-deal-expands-splunk-capabilities
-
Cisco Infuses Security into Networking with New Nexus Smart Switch and Hypershield Integration
by
in SecurityNewsAt Cisco Live EMEA 2025 in Amsterdam this month, Cisco unveiled the Nexus Smart Switch and Hypershield integration, a two-in-one solution that it says addresses the mounting security management pains amid sweeping artificial intelligence (AI) adoption in data centers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/cisco-infuses-security-into-networking-with-new-nexus-smart-switch-and-hypershield-integration/
-
Cisco fixed command injection and DoS flaws in Nexus switches
by
in SecurityNewsCisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches. Cisco released security updates to address command injection and DoS vulnerabilities in Nexus switches, including a high-severity flaw. The most severe issue, tracked as CVE-2025-20111 (CVSS Score of 7.4), resides in the health monitoring diagnostics of Cisco Nexus 3000 Series…
-
Black Basta ransomware leak sheds light on targets, tactics
by
in SecurityNewsVulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619641/Black-Basta-ransomware-leak-sheds-light-on-targets-tactics
-
Attackers exploiting Cisco vulnerabilities tied to Salt Typhoon campaign
by
in SecurityNewsGreyNoise observed exploitation of CVE-2018-0171, which Cisco Talos researchers said was used in a recent attack by the China-backed threat group. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/attackers-exploiting-cisco-vulnerabilities-tied-to-salt-typhoon-campaign/740859/
-
Hackers Exploiting Cisco Small Business Routers RCE Vulnerability Deploying Webshell
by
in SecurityNews
Tags: backdoor, business, cisco, cve, cyber, cybercrime, exploit, flaw, hacker, rce, remote-code-execution, router, vulnerabilityA critical remote code execution (RCE) vulnerability, CVE-2023-20118, affecting Cisco Small Business Routers, has become a focal point for cybercriminals deploying webshells and advanced backdoor payloads. The vulnerability, caused by improper input validation in the routers’ web-based management interface, allows unauthenticated attackers to execute arbitrary commands by sending specially crafted HTTP requests. This flaw has…
-
Talos: No Cisco Zero Days Used in Salt Typhoon Telecom Hacks
by
in SecurityNews
Tags: breach, china, cisco, credentials, cyberespionage, hacker, login, threat, vulnerability, zero-dayChinese Nation-State Hackers Used a Custom Utility to Capture Packets. Chinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco’s threat analysis unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/talos-no-cisco-zero-days-used-in-salt-typhoon-telecom-hacks-a-27576
-
Strategic? Functional? Tactical? Which type of CISO are you?
by
in SecurityNews
Tags: breach, business, ceo, cisco, ciso, cloud, compliance, cybersecurity, finance, governance, group, guide, healthcare, infrastructure, jobs, risk, service, skills, startup, strategy, technology, trainingTransformational, as in program-builders or turnaround agents.Operational, often early-career CISOs who are closer to the technology and work at small-to-midsize companies where they still perform some technical duties.Compliance, that is, risk experts typically found in highly regulated industries.Steady-state CISOs, who, in opposition to the transformational type, keep everything on an even keel.Customer-facing CISOs, usually found…
-
Salt Typhoon exploited 2018 Cisco bug to infiltrate US telecoms
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/salt-typhoon-exploited-2018-cisco-bug-to-infiltrate-us-telecoms
-
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
by
in SecurityNewsIn addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cisco-salt-typhoon-exploitation-telecom
-
Talos: No Cisco Zero Days Used in Salt Typhon Telecom Hacks
by
in SecurityNews
Tags: breach, china, cisco, credentials, cyberespionage, cybersecurity, hacker, login, vulnerability, zero-dayChinese Nation-State Hackers Used a Custom Utility to Capture Packets. Chinese hackers who infiltrated U.S. telecoms likely only used one, known Cisco vulnerability, says Cisco’s cybersecurity unit. Otherwise, the Chinese nation-state cyberespionage operation known as Salt Typhoon used stolen login credentials living-off-the-land techniques, says Cisco Talos. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/talos-no-cisco-zero-days-used-in-salt-typhon-telecom-hacks-a-27576
-
Salt Typhoon used new custom malware in telecom attacks
by
in SecurityNewsThe China-backed hackers used compromised credentials to gain initial access to Cisco devices. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisco-salt-typhoon-used-new-custom-malware-in-telecom-attacks/740629/
-
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics
by
in SecurityNewsCisco Talos observed Chinese hackers pivoting from a compromised device operated by one telecom to target a device in another telecom. The post Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisco-details-salt-typhoon-network-hopping-credential-theft-tactics/
-
Salt Typhoon Exploited Cisco Devices With Custom Tool to Spy on US Telcos
Chinese threat actor Salt Typhoon used JumbledPath, a custom-built utility, to gain access to a remote Cisco device, said the network provider First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/salt-typhoon-cisco-custom-tool/
-
Salt Typhoon Hackers Exploit Cisco Vulnerability to Gain Device Access on US.Telecom Networks
by
in SecurityNews
Tags: access, breach, cisco, credentials, cyber, cyberattack, exploit, government, hacker, network, threat, vulnerabilityA highly advanced threat actor, dubbed >>Salt Typhoon,
-
Sicherheits-News: Black Basta Ransomware Chats geleakt; Salt Typhoon-Angriffe auf US-Provider
by
in SecurityNewsZum Wochenabschluss noch kurze Meldungen aus dem Bereich der IT-Sicherheit. Ein Unbekannter hat angeblich Chat-Protokolle der Black Basta Ransomware-Gruppe geleakt. Und Cisco Talos nimmt sich die Angriffe der Salt Typhoon-Gruppe auf US-Telekommunikationsunternehmen mittels gestohlener Zugangsdaten zum Anlass, um Empfehlungen zur … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/02/21/sicherheits-news-black-basta-ransomware-chats-geleakt-salt-typhoon-angriffe-auf-us-provider/
-
Cisco-Router: Erneut Hackerangriffe auf US-Telekommunikationsunternehmen
by
in SecurityNewsChinesische Hacker attackieren weiter Telekommunikationsunternehmen weltweit. Nun sind sie erneut über ungepatchte Cisco IOS XE-Netzwerkgeräte bei US-Telekommunikationsanbietern eingedrungen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/cisco-router-erneut-hackerangriffe-auf-us-telekommunikationsunternehmen
-
How CISOs can rebuild trust after a security incident
by
in SecurityNews
Tags: attack, breach, business, cisco, ciso, cloud, communications, cybersecurity, data, firewall, group, incident response, jobs, linux, mobile, monitoring, risk, security-incident, service, software, strategy, vulnerabilityMaintaining sensitivity in accountability: Cisco’s Lidz emphasizes that transparency does not end at incident resolution.”Being transparent, internally in particular, by making sure stakeholders understand you and your team have learned from the incident, that there are things you would do better not just in terms of protections, but how you respond and react to incidents”…
-
CVE-2023-20198 CVE-2023-20273: RedMike Attacks 1,000+ Cisco Devices in Global Espionage Campaign
by
in SecurityNewsCybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt First seen on securityonline.info Jump to article: securityonline.info/cve-2023-20198-cve-2023-20273-redmike-attacks-1000-cisco-devices-in-global-espionage-campaign/
-
ClearML and Nvidia vulns
by
in SecurityNewsCisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/clearml-and-nvidia-vulns/
-
MSSP Market Update: Cisco Responds to Salt Typhoon Claims
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-cisco-responds-to-salt-typhoon-claims
-
New Salt Typhoon Attacks Target Cisco Devices
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/new-salt-typhoon-attacks-target-cisco-devices