Security News

Cisco merch shoppers stung in Magecart attack
2024-09-06 20:00

The 'security issue' was caused by a 9.8-rated Magento flaw Adobe patched back in June Bad news for anyone who purchased a Cisco hoodie earlier this month: Suspected Russia-based attackers...

Cisco's Smart Licensing Utility flaws suggest it's pretty dumb on security
2024-09-05 18:15

Two critical holes including hardcoded admin credential If you're running Cisco's supposedly Smart Licensing Utility, there are two flaws you ought to patch right now.…

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks
2024-09-05 04:40

Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access...

Cisco fixes root escalation vulnerability with public exploit code
2024-09-04 18:33

Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. [...]

Cisco warns of backdoor admin account in Smart Licensing Utility
2024-09-04 16:58

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. [...]

Hackers inject malicious JS in Cisco store to steal credit cards, credentials
2024-09-04 15:48

Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided...

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
2024-08-22 16:13

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade...

Cisco calls for United Nations to revisit cyber crime Convention
2024-08-22 06:32

Echoes human rights groups' concerns that it could suppress free speech and more Networking giant Cisco has suggested the United Nations' first-ever convention against cyber crime is dangerously...

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
2024-08-09 05:41

The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data. The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."

Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now's the time to junk 'em
2024-08-09 00:30

A boffin from British defence contractor BAE has found three critical flaws in Cisco's Small Business SPA300 and SPA500 IP phones - and another couple of nasties - none of which will be fixed or mitigated. In an advisory published on Wednesday, Cisco explained the three most serious flaws - all rated CVSS 9.8 - affect the web-based management interface of the devices and could allow an unauthenticated remote attacker to gain root privileges.