Security News

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure
2021-05-14 13:29

Cisco this week announced the availability of patches for a high-severity vulnerability in AnyConnect Secure Mobility Client that could be exploited for code execution. Initially disclosed in November 2020, the flaw affects the interprocess communication channel of the secure VPN application and could be abused by a local attacker to cause an AnyConnect user to run a malicious script.

Cisco to Acquire Vulnerability Management Firm Kenna Security
2021-05-14 12:45

Networking giant Cisco said Friday that it has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology. Santa Clara, Calif.-based Kenna provides a risk-based vulnerability management platform that helps organizations identify and determine which vulnerabilities pose the highest risk so that security teams don't waste valuable time on weaknesses that are unlikely to be exploited.

Cisco to acquire Kenna Security to help customers improve their security posture
2021-05-14 12:43

With this acquisition, Cisco will transform the way security and IT teams collaborate to reduce the attack surface and the time it takes to detect and respond. With Kenna's technology, Cisco Security will be combining threat and risk-based vulnerability management as part of the SecureX platform, expanding the platform experience and enabling comprehensive scorecards for security controls and threat response performance.

Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code
2021-05-13 14:31

Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. The company's AnyConnect Secure Mobility Client allows working on corporate devices connected to a secure Virtual Private Network through Secure Sockets Layer and IPsec IKEv2 using VPN clients available for all major desktop and mobile platforms.

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
2021-05-07 05:52

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

Cisco partners with Box to advance secure work in the cloud
2021-05-07 00:30

Building on the seamlessly integrated experience of Box and Webex, the two companies are introducing a new integration which will enable users to connect a Box folder of their choice within Webex messaging, and any content shared in the space will be securely added to the same Box folder. "We are thrilled to expand our partnership with Cisco as we continue to advance secure work in the Content Cloud," said Aaron Levie, Co-Founder and Chief Executive Officer of Box.

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software
2021-05-06 18:50

Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. The HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498, affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0.

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
2021-05-06 17:54

Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information. The networking giant also disclosed a denial-of-service issue in vManage, and locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.

Cisco Patches Critical Flaws in SD-WAN, HyperFlex HX Products
2021-05-06 12:28

Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform. Two critical vulnerabilities were patched in the SD-WAN vManage software, alongside three high-severity issues.

Cisco bugs allow creating admin accounts, executing commands as root
2021-05-05 18:51

Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts. Cisco SD-WAN vManage Software vulnerabilities patched today by Cisco could enable unauthenticated, remote attackers to execute arbitrary code or access sensitive information.