Security News

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw in the Distance Vector Multicast Routing Protocol feature of IOS XR to cause memory exhaustion denial of service.

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations.

Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device. "An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.

Cisco over the weekend published information on a vulnerability in the IOS XR software that could be exploited to cause a denial of service condition. Cisco has warned that attackers are already attempting to exploit the vulnerability.

A former Cisco employee has pleaded guilty to hacking charges related to him accessing the networking giant's systems and causing damage. A few months after he resigned from the company, he gained unauthorized access to Cisco's AWS cloud infrastructure and deployed code that caused over 450 virtual machines associated with the Cisco Webex Teams application to be deleted.

A former Cisco Systems employee pleaded guilty this week to hacking into the networking company's cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco's collaboration application for enterprises.

Cisco this week released patches for ten high-risk vulnerabilities in NX-OS software, including some that could lead to code execution and privilege escalation. Tracked as CVE-2020-3517, the first of the flaws resides in the Fabric Services component and could lead to a denial of service condition in both FXOS and NX-OS software.

To help users control unwanted noise in meetings-be it from barking dogs, lawn mowers, a car alarm or sirens-Cisco announced its intent to acquire privately held BabbleLabs, headquartered in Campbell, CA. BabbleLabs uses advanced AI techniques to distinguish human speech from unwanted noise, enhancing the quality of communications and conferencing applications. Initially, Cisco will focus on integrating BabbleLabs to deliver a best-in-class audio experience to Webex Meetings users - wherever they are and however they connect via the Webex application.

Cisco Systems disclosed eight high-severity bugs impacting a range of its networking gear, including its switches and fiber storage solutions. Cisco's NX-OS was hardest hit, with six security alerts tied to the network operating system that underpins the networking giant's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

Cisco patched a critical flaw in its wide area network software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services, which is software that Cisco describes as a "WAN optimization solution." It helps manage business applications that are being leveraged in virtual private cloud infrastructure.