Latest Cisco news

Cisco fixes hard-coded root credentials in Emergency Responder

Cisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials.
- Sergiu Gatlan
- October 04, 2023
- 12:43 PM
- 1
Cisco urges admins to fix IOS software zero-day exploited in attacks

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.
- Sergiu Gatlan
- September 28, 2023
- 11:34 AM
- 0
Cisco Catalyst SD-WAN Manager flaw allows remote server access

Cisco is warning of five new Catalyst SD-WAN Manager products vulnerabilities with the most critical allowing unauthenticated remote access to the server.
- Bill Toulas
- September 28, 2023
- 11:15 AM
- 0
US and Japan warn of Chinese hackers backdooring Cisco routers

A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
- Bill Toulas
- September 27, 2023
- 11:51 AM
- 0
Fake Cisco Webex Google Ads abuse tracking templates to push malware

Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware.
- Bill Toulas
- September 14, 2023
- 09:47 AM
- 2
The Week in Ransomware - September 8th 2023 - Conti Indictments

It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members.
- Lawrence Abrams
- September 08, 2023
- 05:45 PM
- 0
Cisco warns of VPN zero-day exploited by ransomware gangs

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
- Bill Toulas
- September 08, 2023
- 09:32 AM
- 0
Cisco BroadWorks impacted by critical authentication bypass flaw

A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication.
- Bill Toulas
- September 07, 2023
- 04:10 PM
- 0
Hacking campaign bruteforces Cisco VPNs to breach networks

Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA).
- Sergiu Gatlan
- August 30, 2023
- 12:00 PM
- 0
Akira ransomware targets Cisco VPNs to breach organizations

There's mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.
- Bill Toulas
- August 22, 2023
- 09:00 AM
- 0
Cisco SD-WAN vManage impacted by unauthenticated REST API access

The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance.
- Bill Toulas
- July 13, 2023
- 05:53 PM
- 0
Cisco warns of bug that lets attackers break traffic encryption

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic.
- Sergiu Gatlan
- July 06, 2023
- 06:35 AM
- 4
Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users

The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions.
- Sergiu Gatlan
- June 16, 2023
- 12:56 PM
- 1
Cisco fixes AnyConnect bug giving Windows SYSTEM privileges

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system.
- Sergiu Gatlan
- June 07, 2023
- 02:29 PM
- 0
CEO guilty of selling counterfeit Cisco devices to military, govt orgs

A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military.
- Bill Toulas
- June 07, 2023
- 10:19 AM
- 3
Cisco warns of critical switch bugs with public exploit code

Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series Switches.
- Sergiu Gatlan
- May 17, 2023
- 02:50 PM
- 0
Cisco phone adapters vulnerable to RCE attacks, no fix available

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices.
- Bill Toulas
- May 04, 2023
- 01:28 PM
- 0
Cisco discloses XSS zero-day flaw in server management tool

Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment (PCD) software that can be exploited for cross-site scripting attacks.
- Sergiu Gatlan
- April 26, 2023
- 02:51 PM
- 5
Hackers can breach networks using data on resold corporate routers

Enterprise-level network equipment on the secondary market hide sensitive data that hackers could use to breach corporate environments or to obtain customer information.
- Ionut Ilascu
- April 23, 2023
- 12:32 PM
- 2
US, UK warn of govt hackers using custom malware on Cisco routers

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device.
- Lawrence Abrams
- April 18, 2023
- 05:42 PM
- 1