Security News

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices. These phone adapters are a popular choice in the industry for incorporating analog phones into VoIP networks without upgrading.

Threat actor APT28 is exploiting an old vulnerability in Cisco routers using Simple Network Management Protocol versions 1, 2c and 3 to target the U.S., Europe and Ukraine. The advisory states that in 2021, APT28 used malware to exploit an SNMP vulnerability, known as CVE-2017-6742, that was reported and patched on June 29, 2017, by Cisco.

Cisco disclosed today a zero-day vulnerability in the company's Prime Collaboration Deployment software that can be exploited for cross-site scripting attacks. Tracked as CVE-2023-20060, the bug was found in the web-based management interface of Cisco PCD 14 and earlier by Pierre Vivegnis of the NATO Cyber Security Centre.

Find out why extended detection and response was at the center of Cisco's launch activities at RSA, including the company's announcement about its cloud-based XDR service. XDR is not SIEM. Gillis explained that XDR serves a different purpose than traditional security information and event management.

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director, which resides in the web UI component and arises as a result of improper input validation when uploading a Device Pack.

U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against targets. The activity has been attributed to a threat actor tracked as APT28, which is also known as Fancy Bear, Forest Blizzard, FROZENLAKE, and Sofacy, and is affiliated with the Russian General Staff Main Intelligence Directorate.

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device. A joint report released today by the UK National Cyber Security Centre, US Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI details how the APT28 hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy a custom malware named 'Jaguar Tooth.

The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance. In a joint advisory issued Tuesday, the UK National Cyber Security Centre, the NSA, America's Cybersecurity and Infrastructure Security Agency and the FBI provided details about how Russia's APT28 - aka FancyBear and Stronium - exploited an old vulnerability in unpatched Cisco routers in 2021 to collect network information belonging to European and US government organizations, and about 250 Ukrainian victims.

Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability. The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks.

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input.