Security News

Security researchers believe the Akira ransomware group could be exploiting a nearly four-year-old Cisco vulnerability and using it as an entry point into organizations' systems. In eight of security company TrueSec's most recent incident response engagements that involved Akira and Cisco's AnyConnect SSL VPN as the entry point, at least six of the devices were running versions vulnerable to CVE-2020-3259, which was patched in May 2020.

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to...

Cisco is warning that several of its Unified Communications Manager and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. Cisco's Unified Communications and Contact Center Solutions are integrated solutions that provide enterprise-level voice, video, and messaging services, as well as customer engagement and management.

Cisco has fixed a critical vulnerability in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system.Cisco Unity Connection is a unified messaging and voicemail solution for email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, and tablet.

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked...

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. Unity Connection is a fully virtualized messaging and voicemail solution for email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, or tablets with high availability and redundancy support.

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the...

We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware. More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default.

Cisco's executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle. Speaking at the Asia Pacific incarnation of the Cisco Live event today, in Melbourne, Australia, Patel offered the infosec maxim that attackers only need to get it right once, but defenders need to get it right every time.

Criminal IP, a prominent Cyber Threat Intelligence search engine developed by AI SPERA, has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors by providing a comprehensive solution for threat intelligence and risk assessment. Cisco is a global leader in technology that delivers innovative software-defined networking, cloud, and security solutions, including secure access, vulnerability management, network segmentation, and threat response.