Security News

Cisco has added new security features that significantly mitigate brute-force and password spray attacks on Cisco ASA and Firepower Threat Defense (FTD), helping protect the network from breaches...

Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. The...

Hackers backdoored Cisco ASA devices via two zero-daysA state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday. How to optimize your bug bounty programsIn this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers.

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday."On a compromised ASA, the attackers submit shellcode via the host-scan-reply field, which is then parsed by the Line Dancer implant. The host-scan-reply field, typically used in later parts of the SSL VPN session establishment process, is processed by ASA devices configured for SSL VPN, IPsec IKEv2 VPN with 'client-services' or HTTPS management access," the researchers explained.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)...

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. "But the problem is nobody has complete visibility of what exploits actually exist," he added, and advised admins to upgrade to the latest ASA release on all devices that have the AnyConnect SSL VPN feature enabled on the device's interface.

A vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. An unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations that can be used to establish an unauthorized remote access VPN session, or.

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.The issue, assigned the identifier CVE-2022-20866, has been described as a "Logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software.

Tracked as CVE-2022-20866, this security flaw is due to a weakness in handling RSA keys on ASA and FTD devices. If successfully exploited, it can let unauthenticated attackers retrieve an RSA private key remotely, which they can use to decrypt the device traffic or impersonate Cisco ASA/FTD devices.

Cisco on Thursday released patches for a high severity vulnerability in the Adaptive Security Appliance and Firepower Threat Defense software, warning that exploitation could lead to crippling denial-of-service attacks. In an advisory that carries a 'high-severity' rating, Cisco said the software cryptography module of both ASA and FTD software is affected by a vulnerability exploitable by either a remote authenticated attacker or an unauthenticated attacker in a man-in-the-middle position.