Cyber Security Newsfeeds from around the world
Current Description. A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The …
Continue ReadingCurrent Description. A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is du…
Continue ReadingCurrent Description. A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Ses…
Continue ReadingYour customers are targeted by malware thousands of times a day, with upwards of 90 percent of detected malware originating from email and browser threat vectors. Much of it is ransomware; more than 400,000 machines were infected by the WannaCry virus …
Continue ReadingCurrent Description. A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrec…
Continue ReadingThe first of the three high rated vulnerabilities (CVE-2018-0296) is in Cisco AsyncOS Software for Cisco Web Security Appliances. The flaw could allow an unauthenticated attacker to create a scenario where a device reloads automatically resulting in a …
Continue ReadingThe start of the year seemed to open with a bang on the cybersecurity news front. The Spectre and Meltdown vulnerabilities made headlines with fears that they could be as bad, if not worse, than the previous Heartbleed vulnerability that made its mark …
Continue ReadingThe history of firewalling technology is one of a gradual movement, in technological terms, from passivity to activity. The first iterations of hardware and software firewalls were merely port filters — disallowing incoming packets based on the require…
Continue ReadingIn this paper, we show that reusing a key pair across different versions and modes of IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. We exploit a Bleichenbacher oracle in an …
Continue Readinghas launched security patches for its widely used Internet Operating System (IOS) and Internet Operating System XE (IOS XE) software, in front of a forthcoming announcement of cybersecurity experts planning to reveal a flaw in the Internet Key Exchange…
Continue Reading