Security News

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday.

Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager for Cisco StarOS Software during internal security testing. "A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container," Cisco said.

Umbrella company Parasol Group has confirmed why it shut down part of its IT last week: it found unauthorised activity from an intruder. Tech freelancers suspected a cyberattack was to blame for the blackout and sure enough the Group wrote to customers at the close of last working week to explain in more detail what had happened.

A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component. The security flaw was accidentally spotted by GitHub security researcher Kevin Backhouse while testing an exploit demo for another AccountsService bug that also made it possible to escalate privileges to root on vulnerable devices.

Researchers shed light on hidden root CAsHow widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months worth of certificate data from volunteer users and analyzed certificate chains and verification statuses in web visits. How to achieve permanent server hardening through automationInformation security standards such as PCI DSS and ISO 27001 and regulations such as HIPAA and CMMC mandate system hardening as one of the most basic defenses against cyber intrusions.

How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months worth of certificate data from volunteer users and analyzed certificate chains and verification statuses in web visits. Many flaws in the implementation of hidden root CAs and certificates.

Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Because of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things devices.

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite.

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite.

An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality.