Security News

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. "The threat actors gathered administrator-level credentials to gain access to Cisco Nexus switches and deploy a previously unknown custom malware that allowed them to remotely connect to compromised devices, upload additional files and execute malicious code."

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr and the Social Democratic Party of Germany via their self-hosted Cisco Webex instances similarly affected the Webex cloud service. "The cause of the vulnerability is again Cisco does not use random numbers to assign numbers used for meetings," Netzbegrünung explained.

A new report from Cisco Talos exposed the activities of a threat actor known as LilacSquid, or UAT-4820. The threat actor exploits vulnerable web applications or uses compromised Remote Desktop Protection credentials to successfully compromise systems by infecting them with custom PurpleInk malware.

Cisco's acquisition of Splunk is playing out with a new full-stack observability product, the Unified Observability Experience, Cisco announced at the Cisco Live conference on June 5. As part of the same suite of conference announcements, Cisco also showed off the initial availability of a free trial version of Motific, a generative AI delivery platform made in concert with Mistral AI. Unified Observability Experience creates easy connections between AppDynamics and Splunk Platform.

Cisco will invest $1 billion in AI and package a new networking solution with NVIDIA's AI infrastructure, the organization announced at its annual consumer event on June 4. Cisco partners with NVIDIA on Nexus HyperFabric AI clusters.

Craig Bates, Splunk vice president of Australia and New Zealand, said the deal will help customers defend against modern threats by tooling security operations centres up with end-to-end security and observability. He added security data unification will be key to organisations in the future as they battle threats increasingly launched with the aid of AI. What does the Cisco and Splunk combination mean for cyber security software customers?

Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. These devices all had "Counterfeit Cisco labels, stickers, boxes, documentation, and packaging, all bearing counterfeit trademarks registered and owned by Cisco that made the goods falsely appear to be new, genuine, and high-quality devices manufactured and authorized by Cisco."

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Hackers backdoored Cisco ASA devices via two zero-daysA state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday. How to optimize your bug bounty programsIn this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers.