Security News

The flaw exists in Cisco IOS XE. This Linux-based version of Cisco's Internetworking Operating System is used in Cisco software-defined wide area network routers. In March, Cisco issued 24 patches tied to vulnerabilities in its IOS XE operating system.

Cisco this week released security patches to address numerous vulnerabilities across its products, including critical severity flaws that impact IP Phones and UCS Director. The critical vulnerability patched in IP Phones impacts the web server and could allow a remote, unauthenticated attacker to execute code with root privileges.

Cisco is warning of a critical flaw in the web server of its IP phones. Cisco issued patches in a Wednesday advisory for the flaw, which affects various versions of its Cisco IP phones for small- to medium-sized businesses.

Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS Director and Cisco UCS Director Express for Big Data, its unified infrastructure management solutions for data center operations. Jacob Baines, a research engineer with Tenable, unearthed two critical flaws affecting the Cisco Wireless IP Phone 8821.

Cisco, Altiostar, an innovator in open virtual RAN technology, and World Wide Technology, a market-leading $12 billion technology solution provider, announced the companies are working together on an Open vRAN blueprint that will accelerate the deployment of 4G/5G OpenRAN solutions in service provider networks. The combined solution will help service providers deploy fully integrated open, cloud-based virtualized RAN solutions based on technologies created by Cisco and Altiostar and that will be brought to market using the sales, integration and deployment capabilities of WWT. "Innovation in mobile networking and open virtualized RAN is continuing at a rapid pace," said Bob Everson, Senior Director of 5G Architecture, Cisco.

An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex.

Cisco has conducted a research project on bypassing fingerprint authentication systems and it achieved a success rate of roughly 80 percent, but the company's experts were unsuccessful against Windows devices. In the case of mobile phones, the researchers bypassed fingerprint authentication on a majority of devices.

According to Cisco, a primary cause for too many solutions is the tendency to rely on technology to solve the problems of increased security complexity. "As organizations increasingly embrace digital transformation, CISOs are placing higher priority in adopting new security technologies to reduce exposure against malicious actors and threats," comments Steve Martino, SVP and CISO at Cisco.

Between Jan. 20 and March 11, researchers observed APT41 exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of the widespread espionage campaign. Starting on Jan. 20, researchers observed the threat group attempting to exploit the notorious flaw in Citrix Application Delivery Controller and Citrix Gateway devices revealed as a zero-day then patched earlier this year.

A China-linked threat actor tracked as APT41 has targeted many organizations around the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products, FireEye reported on Wednesday. "It's unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature," FireEye said.