Security News

Cisco this week informed customers that it has patched a high-severity path traversal vulnerability in its firewalls that can be exploited remotely to obtain potentially sensitive files from the targeted system. Cisco has also highlighted that exploiting the vulnerability only allows the attacker to access files on the web services file system, not ASA or FTD system files or files on the underlying operating system.

Cisco has fixed 33 CVE-numbered flaws in a variety of its devices, including five critical ones affecting RV-series VPN routers and firewalls and Cisco Prime License Manager, which is used by enterprises to manage user-based licensing. Cisco Small Business RV110W Wireless-N VPN Firewalls with firmware releases prior to v1.2.2.8 can be taken over by attackers via a system account has a default and static password.

Juniper Networks this week informed customers that it has patched many vulnerabilities in its products, mostly ones that can be exploited for denial-of-service attacks. Over a dozen advisories have been published by the company to describe several vulnerabilities that are specific to Juniper products, as well as tens of flaws impacting third-party components.

Palo Alto Networks has patched a critical and easily exploitable vulnerability affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible. Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0.

Palo Alto Networks on Wednesday unveiled a new firewall powered by machine learning, a firewall for Kubernetes, and an IoT security solution. Palo Alto Networks has announced a new next-generation firewall that uses machine learning to help organizations detect and block threats.

"Small and midsize organizations without adequate security resources require the best of both worlds. With leading throughput levels, layered security services, zero-touch SD-WAN capabilities and many other benefits, our new line of tabletop security appliances provides just that." WatchGuard's new tabletop security appliances are built to provide the advanced throughput and improved HTTPS traffic processing today's organizations need to keep up with the ever-increasing velocity of business, along with a comprehensive set of security services.

Zyxel Networks announced USG FLEX, a new series of mid-range firewalls designed for SMBs to keep up with the workplace mobility, connectivity and security requirements post-pandemic. Zyxel's new USG FLEX 100, USG FLEX 200 and USG FLEX 500 firewalls feature upgraded hardware and software power that level up SMB security with up to 125 percent of firewall performance and up to an additional 500 percent Unified Threat Management performance.

Malicious actors targeting a zero-day vulnerability in Sophos XG Firewall appliances last month attempted to deploy ransomware after Sophos started taking measures to neutralize the attack. One of the files deployed by the attackers would act as a "Dead man switch," to launch a ransomware attack when a specific file would be deleted on unpatched firewalls during a reboot or power-cycle, the security company reveals.

Is the future of information security and tech conferences virtual?While RSA Conference USA - the largest information security conference in the world - managed to take place mere weeks before the World Health Organization declared COVID-19 a pandemic, European countries started closing borders and airlines started suspending routes and grounding planes, most infosec and tech events scheduled to take place after it were doomed. Understanding the basics of API securityThis is the first of a series of articles that introduces and explains application programming interfaces security threats, challenges, and solutions for participants in software development, operations, and protection.

Attackers have been targeting the Sophos XG Firewall using a zero-day exploit, according to the security firm - with the ultimate goal of dropping the Asnarok malware on vulnerable appliances. Firewalls manually configured to expose a firewall service to the WAN zone that shares the same port as the admin or user portal were also affected," the firm explained.