Security News

Hackers inject malicious JS in Cisco store to steal credit cards, credentials
2024-09-04 15:48

Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided...

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
2024-08-22 16:13

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade...

Cisco calls for United Nations to revisit cyber crime Convention
2024-08-22 06:32

Echoes human rights groups' concerns that it could suppress free speech and more Networking giant Cisco has suggested the United Nations' first-ever convention against cyber crime is dangerously...

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
2024-08-09 05:41

The U.S. Cybersecurity and Infrastructure Security Agency has disclosed that threat actors are abusing the legacy Cisco Smart Install feature with the aim of accessing sensitive data. The agency said it has seen adversaries "Acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."

Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now's the time to junk 'em
2024-08-09 00:30

A boffin from British defence contractor BAE has found three critical flaws in Cisco's Small Business SPA300 and SPA500 IP phones - and another couple of nasties - none of which will be fixed or mitigated. In an advisory published on Wednesday, Cisco explained the three most serious flaws - all rated CVSS 9.8 - affect the web-based management interface of the devices and could allow an unauthenticated remote attacker to gain root privileges.

Cisco warns of critical RCE zero-days in end of life IP phones
2024-08-08 21:27

Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. [...]

Exploit released for Cisco SSM bug allowing admin password changes
2024-08-08 19:01

Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM...

CISA warns of hackers abusing Cisco Smart Install feature
2024-08-08 17:23

CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. [...]

Critical Cisco bug lets hackers add root users on SEG devices
2024-07-18 12:48

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway appliances using emails with malicious attachments. "This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. A successful exploit could allow the attacker to replace any file on the underlying file system," Cisco explained.

Maximum-severity Cisco vulnerability allows attackers to change admin passwords
2024-07-18 10:37

Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1 rating and affects the authentication system of Cisco Smart Software Manager On-Prem.