Security News

Cisco to acquire Kenna Security to help customers improve their security posture
2021-05-14 12:43

With this acquisition, Cisco will transform the way security and IT teams collaborate to reduce the attack surface and the time it takes to detect and respond. With Kenna's technology, Cisco Security will be combining threat and risk-based vulnerability management as part of the SecureX platform, expanding the platform experience and enabling comprehensive scorecards for security controls and threat response performance.

Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code
2021-05-13 14:31

Cisco has fixed a six-month-old zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client VPN software, for which proof-of-concept exploit code is publicly available. The company's AnyConnect Secure Mobility Client lets users work on corporate devices connected to a secure Virtual Private Network over Secure Sockets Layer and IPsec IKEv2, using VPN clients available for all major desktop and mobile platforms.

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
2021-05-07 05:52

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

Cisco partners with Box to advance secure work in the cloud
2021-05-07 00:30

Building on the seamlessly integrated experience of Box and Webex, the two companies are introducing a new integration which will enable users to connect a Box folder of their choice within Webex messaging, and any content shared in the space will be securely added to the same Box folder. "We are thrilled to expand our partnership with Cisco as we continue to advance secure work in the Content Cloud," said Aaron Levie, Co-Founder and Chief Executive Officer of Box.

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software
2021-05-06 18:50

Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. The HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498, affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0.

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks
2021-05-06 17:54

Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution on corporate networks or steal information. The networking giant also disclosed a denial-of-service issue in vManage, as well as locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.

Cisco Patches Critical Flaws in SD-WAN, HyperFlex HX Products
2021-05-06 12:28

Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform. Two critical vulnerabilities were patched in the SD-WAN vManage software, alongside three high-severity issues.

Cisco bugs allow creating admin accounts, executing commands as root
2021-05-05 18:51

Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts. Cisco SD-WAN vManage Software vulnerabilities patched today by Cisco could enable unauthenticated, remote attackers to execute arbitrary code or access sensitive information.

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks
2021-04-29 10:27

Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service attacks. An attacker able to abuse one of these flaws may execute arbitrary commands as root on the underlying OS. That flaw exists because user-supplied command arguments aren't sufficiently validated, and it affects Firepower 4100 and Firepower 9300 series appliances.

Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software
2021-04-22 10:53

Industrial automation giant Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by the use of Cisco's IOS XE software. Rockwell Automation regularly releases firmware updates for its Stratix devices to address vulnerabilities introduced by the use of Cisco software.