Security News

Cisco announced its strategy to help communication service providers and web scale companies around the world connect, secure and automate their networks to deliver a stronger, more accessible internet to everyone, everywhere, regardless of geographic limitations. Answering the call, Cisco designed its Converged SDN Transport, an innovative blueprint designed to help service providers converge multiple networks into a common, cost efficient and secure infrastructure with enormous scale.

Cisco Secure unveiled the future of simple and effective security with infrastructure agnostic, passwordless authentication by Duo. Integrated seamlessly into the existing Duo authentication experience used by more than 25,000 organizations globally, Duo passwordless authentication will enable enterprise users to skip the password and securely log into cloud applications via security keys or biometrics built into modern laptops and smartphones.

This is the next important step in Cisco's journey to radically simplify security and networking by helping network operations and security operations teams securely connect users to applications. Cisco introduces the ability to purchase all core SASE product components in a single offer with the flexibility to easily transition to a single subscription service in the future, enabling organizations to start using Cisco's integrated architecture immediately.

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "Attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service condition," the networking major said in an advisory. In order to do this, an attacker needs to be authenticated to an Extensible Messaging and Presence Protocol server running the vulnerable software, as well as be able to send XMPP messages.

Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol. The vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes.

A popular line of small business routers made by Cisco Systems are vulnerable to a high-severity vulnerability. Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers.

Tufin announced the release of the Policy Change Automation app for Cisco ACI, further advancing Tufin's leadership in security policy automation in Software Defined Networking environments. While automation solutions for ACI avoid manual errors and make change requests more efficient, they must accommodate a wide variety of possible implementations, deploying the right ACI contracts and relevant firewall rule changes.

Cisco announced the appointment of Marianna Tessel to its board of directors. "We are excited to welcome Marianna to the Cisco Board," said Chuck Robbins, chairman and CEO, Cisco.

Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service attacks due to a vulnerability in the Snort detection engine. Cisco says the vulnerability is in the Ethernet Frame Decoder component of Snort.

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. Separately, the company also patched multiple flaws in Cisco Application Services Engine that could grant a remote attacker to access a privileged service or specific APIs, resulting in capabilities to run containers or invoke host-level operations, and learn "Device-specific information, create tech support files in an isolated volume, and make limited configuration changes."