Security News

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

Cisco this week announced that it has patched tens of vulnerabilities in its IOS software, including a dozen security flaws that impact the company's industrial routers and switches. A dozen vulnerabilities appear to impact the company's industrial products.

Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company's carrier-grade and industrial routers and switches. Cisco IOS - a family of network operating systems used on many Cisco Systems routers and network switches.

Members of Cisco's Talos threat intelligence and research group have identified two vulnerabilities in the Zoom client application that can allow a remote attacker to write files to the targeted user's system and possibly achieve arbitrary code execution. CVE-2020-6109 is related to the way Zoom processes GIF image files.

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco's Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists configured on affected Nexus switches - and launch a denial of service attacks on the devices.

A vulnerability related to the IP-in-IP tunneling protocol that can be exploited for denial-of-service attacks and to bypass security controls has been found to impact devices from Cisco and other vendors. Cisco has released security updates to address the vulnerability in its NX-OS software.

Six Cisco-operated servers were hacked via SaltStack security vulnerabilities, the networking giant revealed this week. The compromised systems act as the salt-master servers for releases 1.2 and 1.3 of Cisco's Virtual Internet Routing Lab Personal Edition product, and customer installations connect to these Cisco-maintained backend boxes.

Cisco on Thursday said that it plans to acquire privately held network intelligence firm ThousandEyes, as the networking giant looks to boost network visibility and intelligence across its enterprise networking, cloud and application services portfolios. Headquartered in San Francisco and founded in 2010, ThousandEyes provides an internet intelligence platform that delivers deep visibility and insights into application and services delivery over the Internet.

Earlier this month, when F-Secure publicly revealed the existence of two vulnerabilities affecting SaltStack Salt and attackers started actively exploiting them, Cisco was among the victims. The revelation was made on Thursday, when Cisco published an advisory saying that, on May 7, 2020, they've discovered the compromise of six of their salt-master servers, which are part of the Cisco VIRL-PE service infrastructure.

Now, Cisco reveals that salt-master servers that are used with Cisco Virtual Internet Routing Lab Personal Edition were upgraded on May 7, and that, on the same day, they were found to have been compromised through the aforementioned vulnerabilities. "Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised. The servers were remediated on May 7, 2020," the company announced in an advisory.