Cisco fixes WebEx bugs allowing ‘ghost’ attackers in meetings

Posted by & filed under Ειδοποιήσεις.

Cisco has fixed today three Webex Meetings security vulnerabilities that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. Cisco Webex is an online meeting and video conferencing software that can be used to schedule and join meetings. It also provides users with presentation, screen sharing, and recording capabilities. Cisco’s remote meetings… Read more »

Cisco discloses AnyConnect VPN Zero-Day – Exploit code available!

Posted by & filed under Ειδοποιήσεις.

Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available. While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release. However, the Cisco AnyConnect Secure Mobility Client security flaw has… Read more »

Cisco warns of attacks targeting high severity router vulnerability

Posted by & filed under Ειδοποιήσεις.

Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. The vulnerability impacts third-party white box routers and the following Cisco… Read more »

New cryptojacking botnet uses SMB exploit to spread to Windows systems

Posted by & filed under Ειδοποιήσεις.

A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol. The attacker’s goal is to mine for Monero (XMR) cryptocurrency and enslave as many systems as possible for this task for increased profit. Complex campaign Researchers at Cisco Talos named… Read more »

Cisco fixes critical pre-auth flaws allowing router takeover

Posted by & filed under Ειδοποιήσεις.

Cisco today has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices that could lead to full device takeover. Cisco also issued a security update to patch a privilege escalation vulnerability in the Cisco Prime License Manager software. According to the… Read more »