Security News
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. Two of the four flaws can be exploited to gain remote code execution on target systems by sending specially crafted chat messages in group conversations or to specific individuals.
Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices. The vulnerabilities exist in the Distance Vector Multicast Routing Protocol feature of Cisco IOS XR Software and could allow an unauthenticated, remote attacker to immediately crash the Internet Group Management Protocol process, the company warned in an advisory over the weekend.
Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw in the Distance Vector Multicast Routing Protocol feature of IOS XR to cause memory exhaustion denial of service.
A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations.
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.
Cisco over the weekend published information on a vulnerability in the IOS XR software that could be exploited to cause a denial of service condition. Cisco has warned that attackers are already attempting to exploit the vulnerability.
A former Cisco employee has pleaded guilty to hacking charges related to him accessing the networking giant's systems and causing damage. A few months after he resigned from the company, he gained unauthorized access to Cisco's AWS cloud infrastructure and deployed code that caused over 450 virtual machines associated with the Cisco Webex Teams application to be deleted.
A former Cisco Systems employee pleaded guilty this week to hacking into the networking company's cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco's collaboration application for enterprises.
Cisco this week released patches for ten high-risk vulnerabilities in NX-OS software, including some that could lead to code execution and privilege escalation. Tracked as CVE-2020-3517, the first of the flaws resides in the Fabric Services component and could lead to a denial of service condition in both FXOS and NX-OS software.
To help users control unwanted noise in meetings, be it from barking dogs, lawn mowers, a car alarm or sirens, Cisco announced its intent to acquire privately held BabbleLabs, headquartered in Campbell, CA. BabbleLabs uses advanced AI techniques to distinguish human speech from unwanted noise, enhancing the quality of communications and conferencing applications. Initially, Cisco will focus on integrating BabbleLabs to deliver a best-in-class audio experience to Webex Meetings users, wherever they are and however they connect via the Webex application.