Security News

Cisco on Wednesday announced the release of patches for 17 high-severity vulnerabilities in its security appliances as part of its Security Advisory Bundled Publication for October 2020. The vulnerabilities have been found to impact Adaptive Security Appliance, Firepower Threat Defense, and Firepower Management Center.

"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," according to Cisco in an update released on Wednesday. The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager, which exists in the Firepower Extensible Operating System and provides management capabilities.

Cisco has released two studies examining how workers feel about the current state of play when it comes to remote work security and data privacy, finding that thousands around the world are increasingly concerned about how their employers are handling the massive societal changes that have occurred over the last six months. "Cisco's latest privacy research highlights that people care deeply about protecting their data, and many have stopped doing business with companies due to data privacy concerns," said Brad Arkin, senior vice president and chief security and trust officer at Cisco.

Chinese state-sponsored hackers are targeting a Cisco Discovery Protocol vulnerability that was disclosed earlier this year, the networking giant and the U.S. National Security Agency revealed on Tuesday. The list includes several vulnerabilities that were not known to have been targeted, including CVE-2020-3118, which impacts Cisco products.

Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company's Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

Cisco has issued patches for high-severity vulnerabilities plaguing its popular Webex video-conferencing system, its video surveillance IP cameras and its Identity Services Engine network administration product. Overall, Cisco on Wednesday issued the three high-severity flaws along with 11 medium-severity vulnerabilities.

A US district judge has ordered Cisco to pay $1.9 billion to Centripetal Networks, Inc., for infringing on four patents related to cybersecurity. The company has developed technology for operationalizing and automating threat intelligence and has been awarded various patents in the United States and abroad. In a lawsuit filed in the Eastern District of Virginia in March 2018, the company claimed that numerous Cisco product series have been infringing on five of its patents for years.

Cisco this week announced plans to acquire Kubernetes-native security platform Portshift. Founded in 2018 and based in Tel Aviv, Israel, Portshift focuses on providing security for Kubernetes and containers, and takes an agentless approach to delivering vulnerability protection across images, containers, and deployments.

Two researchers at the Cisco Talos Intelligence Group examined misleading and incorrect posts on social media to understand why so many people share misinformation and help spread propaganda online. Disinformation is what criminals and foreign actors do: The intentional spreading of false information with the intent to deceive.

Cisco this week released patches for two high-severity vulnerabilities in IOS XR software that have been actively exploited in attacks for over a month. Tracked as CVE-2020-3566 and CVE-2020-3569 and featuring a CVSS score of 8.6, the two flaws were made public in late August, when Cisco revealed that hackers were already targeting them in attacks.