Security News

Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service attacks due to a vulnerability in the Snort detection engine. Cisco says the vulnerability is in the Ethernet Frame Decoder component of Snort.

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. Separately, the company also patched multiple flaws in Cisco Application Services Engine that could grant a remote attacker to access a privileged service or specific APIs, resulting in capabilities to run containers or invoke host-level operations, and learn "Device-specific information, create tech support files in an isolated volume, and make limited configuration changes."

Cisco this week released patches for over a dozen vulnerabilities affecting multiple products, including three critical bugs impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Also featuring a CVSS score of 9.8, the third critical flaw that Cisco patched this week affects Nexus 3000 and Nexus 9000 series switches.

A critical vulnerability in Cisco Systems' intersite policy manager software could allow a remote attacker to bypass authentication. The flaw stems from improper token validation on an API endpoint in Cisco's ACI MSO. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller devices," said Cisco on Wednesday.

Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator installed on the Application Services Engine. "A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device," Cisco explained.

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer. Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer.

Verizon announced the expansion of its long-standing strategic partnership with Cisco, with the addition of three new SD-WAN managed services offerings. "These new services reflect the significant ongoing joint Cisco and Verizon research and development investments which aim to help customers accelerate change."

Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. Cisco Talos added: "Masslogger is a credential stealer and keylogger with the ability to exfiltrate data through SMTP, FTP or HTTP protocols. For the first two, no additional server-side components are required, while the exfiltration over HTTP is done through the Masslogger control panel web application."

Japan and Cisco announced a collaboration framework through Cisco's Country Digital Acceleration Program to drive mass-scale digitization across Japan in support of its Society 5.0 vision and towards an inclusive recovery from the global COVID-19 pandemic. The program in Japan was unveiled at virtual event attended by Guy Diedrich, Vice President and Global Innovation Officer at Cisco, and Ichiro Nakagawa, Vice President and Head of Japan at Cisco, Wayoh Suzuki, Chairman, Cisco Japan, with remarks via video from Takuya Hirai, Japan's Minister of State for Digital Transformation, the Minister of State for the Social Security and Tax Number System and Minister in charge of Information Technology Policy.

AppDynamics announced Cisco Secure Application, a solution to drastically simplify vulnerability management, defend against attacks and protect applications - from the inside-out. Co-innovated with the Cisco Security business, the world's largest enterprise security company, this new solution correlates security and application insights through a single solution.