Security News

Cisco's 2023 Data Privacy Benchmark Study found that companies that invest in closing the gap are benefitting: The study found that the estimated dollar value of benefits from privacy rose more than 13% in 2022 to $3.4 million from $3.0 million the year before, with significant gains across the various organization sizes. A Cisco blog about its 2023 Data Privacy Benchmark Survey said its estimated $3.4 million value of benefits from privacy initiatives constituted 1.8 times spending on privacy, with 36% of organizations getting returns at least twice their spending.

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access...

Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command injection attacks. "An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file," Cisco explains in a security advisory published on Wednesday.

Cisco has released patches for a high-severity vulnerability found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can't be deleted by simply rebooting the device or updating its firmware. "In this case, the command injection bypasses mitigations Cisco has in place to ensure vulnerabilities do not persist in a system. Side-stepping this security measure means that if an attacker exploits this vulnerability, the malicious package will keep running until the device is factory reset or until it is manually deleted," according to Trellix vulnerability researchers Sam Quinn and Kasimir Schulz.

Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain. By chaining two security flaws disclosed last week, threat actors can bypass authentication and execute arbitrary commands on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.

Cisco has warned of two security vulnerabilities affecting end-of-life Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept exploit. The issues are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system.

Cisco has acknowledged one critical and two medium-severity vulnerabilities affecting some of its Small Business series of routers, but won't be fixing them as the devices "Have entered the end-of-life process." Proof-of-concept exploit code for CVE-2023-20025 and CVE-2023-20026 is available online, but there is currently no indication of any of these flaws being exploited by attackers.

Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life VPN routers. The security flaw was found in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 routers by Hou Liuyang of Qihoo 360 Netlab.

Microsoft Office files, particularly Excel and Word files, have been targeted by some cybercriminals for a long time. As exposed in new research from Cisco Talos, threat actors might leverage event handling functions in Excel files in order to automatically launch.

A report released on Tuesday by researchers from Cisco's Talos threat intelligence group dissected one: XLL files in Excel. Microsoft describes XLL files as "a type of dynamic link library file that can only be opened by Excel".