Security News

Cisco has addressed a vulnerability in the Firepower Device Manager On-Box software that could be exploited to gain code execution on vulnerable devices. FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics capabilities.

The Open Source Security Foundation, the cross-industry forum focused on improving open source software security, has expanded its member list with the addition of names such as Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift. With open source software becoming a central pillar of the application development lifecycle, ensuring the security of open source code is essential to securing modern software, regardless of whether it is used on end-user devices or in enterprise environments.

On Thursday, Cisco published two blog posts outlining its hybrid work strategy and company tech enabling distributed workforces. While the articles provide a specific glimpse into the strategy and approach for one tech titan, the underlying concepts of enabling remote and on-site teams are front and center for companies worldwide in the age of hybrid work.

Airtel launched connectivity solutions for enterprises based on Cisco Software Defined Wide Area Networking technology. The Airtel Intelligent VPN solution is an automated and centrally managed SD-WAN offering available to Airtel's large customer base across India.

Cisco's Talos threat intelligence and research unit has disclosed the details of several critical vulnerabilities affecting a router monitoring application made by Taiwan-based industrial and IoT solutions provider Advantech. The affected tool is R-SeeNet, which is designed to help network administrators monitor their Advantech routers.

Cisco on Thursday released patches for a high severity vulnerability in the Adaptive Security Appliance and Firepower Threat Defense software, warning that exploitation could lead to crippling denial-of-service attacks. In an advisory that carries a 'high-severity' rating, Cisco said the software cryptography module of both ASA and FTD software is affected by a vulnerability exploitable by either a remote authenticated attacker or an unauthenticated attacker in a man-in-the-middle position.

Kloudspot announced it has partnered with Cisco Meraki to help organizations offer safer and smarter workspace experiences for customers and employees. The Kloudspot Platform and KloudVision combine real-time location intelligence and video analytics collected from the Cisco Meraki intuitive cloud-first platform to securely integrate unique safety features - such as occupancy monitoring for social distancing, automated triggers and PPE compliance monitoring.

Cisco Talos researchers note in a new analysis that "Unauthorized software on end systems is never a good sign. Today it's a crypto miner, tomorrow it could be the initial payload in an eventual ransomware attack." Crypto mining has increased from 3% of all mining alerts in January 2020 to 6% in March 2021, according to analysis from Talos.

A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation application and Cisco's Web Security Appliance and could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs exist in the web-based management interface of the Cisco Business Process Automation, which is used to streamline various IT processes.

Cisco this week released patches for high-severity vulnerabilities in Business Process Automation and Web Security Appliance that expose users to privilege escalation attacks. An authenticated, remote attacker able to exploit these could elevate their privileges to administrator, Cisco warned in an advisory.