Security News

CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
2024-02-16 15:42

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)...

Akira, LockBit actively searching for vulnerable Cisco ASA devices
2024-02-08 12:22

Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. "But the problem is nobody has complete visibility of what exploits actually exist," he added, and advised admins to upgrade to the latest ASA release on all devices that have the AnyConnect SSL VPN feature enabled on the device's interface.

Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products
2024-02-08 05:10

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected...

Critical Cisco bug exposes Expressway gateways to CSRF attacks
2024-02-07 18:22

Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery attacks.Unauthenticated attackers can exploit the two critical CSRF vulnerabilities patched today to target unpatched Expressway gateways remotely.

Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks
2024-01-31 17:45

Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems. In eight of security company TrueSec's most recent incident response engagements that involved Akira and Cisco's AnyConnect SSL VPN as the entry point, at least six of the devices were running versions vulnerable to CVE-2020-3259, which was patched in May 2020.

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
2024-01-26 05:13

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to...

Cisco warns of critical RCE flaw in communications software
2024-01-25 14:41

Cisco is warning that several of its Unified Communications Manager and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. Cisco's Unified Communications and Contact Center Solutions are integrated solutions that provide enterprise-level voice, video, and messaging services, as well as customer engagement and management.

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)
2024-01-11 11:56

Cisco has fixed a critical vulnerability in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system.Cisco Unity Connection is a unified messaging and voicemail solution for email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, and tablet.

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
2024-01-11 04:55

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked...

Cisco says critical Unity Connection bug lets attackers get root
2024-01-10 20:42

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. Unity Connection is a fully virtualized messaging and voicemail solution for email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, or tablets with high availability and redundancy support.