Security News

Learn how a malicious driver exploits a loophole in the Windows operating system to run at kernel level. Cisco Talos discovered a new Microsoft Windows policy loophole that allows a threat actor to sign malicious kernel-mode drivers executed by the operating system.

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic.Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches.

Proof-of-concept exploit code for the high-severity vulnerability in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. Cisco Secure Client Software - previously known as Cisco AnyConnect Secure Mobility Client - is unified endpoint security software designed to assist businesses in expanding their network access capabilities and enabling remote employees to connect via both wired and wireless connections, including VPN. In early June, Cisco published a security advisory about CVE-2023-20178, a vulnerability in the client update process of both Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows.

Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows that can let attackers elevate privileges to SYSTEM. Cisco Secure Client helps employees to work from anywhere using a secure Virtual Private Network and provides network admins with telemetry and endpoint management features.Cisco released security updates to address this security bug last Tuesday when it said its Product Security Incident Response Team did not have evidence of malicious use or public exploit code targeting the bug in the wild.

The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions. As BleepingComputer reported on Wednesday, Windows admins and users report having issues launching the web browser after installing the KB5027231 Windows 11 updates.

At its LIVE 2023 event in Las Vegas this week, Cisco revealed an array of solutions, paving stones on its path to a platform strategy called Cisco Security Cloud. In an interview with TechRepublic about Cisco LIVE 2023, Patel said the new technologies addressed a need to simplify security operations and address security considerations caused by the shift to hybrid work.

VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 that could allow a malicious actor with network access to achieve remote code execution.

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client software that can let attackers escalate privileges to the SYSTEM account used by the operating system."An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process."

A Florida man has pleaded guilty to importing and selling counterfeit Cisco networking equipment to various organizations, including education, government agencies, healthcare, and the military. A U.S. Department of Justice announcement published yesterday says Aksoy pleaded guilty in the U.S. District Court of New Jersey, admitting that he defrauded many people and companies by selling them low-quality equipment made to appear as new Cisco models.

Cisco rolled out patches for four critical security vulnerabilities in several of its network switches for small businesses that can be exploited to remotely hijack the equipment. The networking giant this week said in an advisory that organizations with service contracts that include regular software updates should get fixes for the security holes through their usual update channels.