HackDig : Dig high-quality web security articles

Cisco VPNs without MFA are under attack by ransomware operator

The Cisco Product Security Incident Response Team (PSIRT) has posted a blog about Akira ransomware targeting VPNs without Multi-Factor Authentication (MFA). The Cisco team states that it is aware of reports of the Akira ransomware group going specifically after Cisco VPNs that are not configured for MFA. And they have observed instances where cybercriminals
Publish At:2023-08-29 22:06 | Read:241014 | Comments:0 | Tags:Business News Cisco VPN Akira ransomware brute-force credent

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

Cisco addressed three high-severity flaws in NX-OS and FXOS software that could cause denial-of-service (DoS) conditions. Cisco this week addressed multiple flaws in its products, including three high-severity flaws in NX-OS and FXOS software. An attacker can exploit these three issues to cause a denial-of-service (DoS) condition. Below is the list of
Publish At:2023-08-27 07:32 | Read:290140 | Comments:0 | Tags:Breaking News Security CISCO DOS hacking news information se

Update now! Microsoft patches a whopping 130 vulnerabilities

It’s that time of the month again. For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities. Nine of the vulnerabilities are rated as critical and four of them are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has already added these four vulnerabilities to the catalo
Publish At:2023-07-12 22:04 | Read:555528 | Comments:0 | Tags:Exploits and vulnerabilities News Microsoft Adobe Apple Andr

Apple & Microsoft Patch Tuesday, July 2023 Edition

Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a ze
Publish At:2023-07-11 21:34 | Read:280532 | Comments:0 | Tags:Security Tools Time to Patch Adam Barnett Andrew Brandt Appl

Cisco warns of a flaw in Nexus 9000 series switches that allows modifying encrypted traffic

Cisco warns of a high-severity vulnerability in Nexus 9000 series switches that can allow attackers to read or modify encrypted traffic. Cisco disclosed a high-severity vulnerability, tracked as CVE-2023-20185 (CVSS Score 7.4), in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode. An unauthentic
Publish At:2023-07-06 19:24 | Read:227291 | Comments:0 | Tags:Breaking News Security CISCO information security news IT In

Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. A security researcher has published a proof-of-concept (PoC) exploit code for the high-severity vulnerability, tracked as CVE-2023-20178 (CVSS score of 7.8), impacting Cisco AnyConnect Secure Mobility Client and Secure
Publish At:2023-06-22 12:04 | Read:378230 | Comments:0 | Tags:Breaking News Hacking CISCO hacking news information securit

Update your Cisco System Secure Client now to fix this AnyConnect bug

Cisco Secure Client is the fresh recipient of a fix to address a high-severity vulnerability related to improper permissions. The flaw allows attackers to potentially escalate privileges to the SYSTEM account. From the vulnerability advisory: A vulnerability in the client update feature of Cisco AnyConnect Secure Mobility Client Software for Windows and Cis
Publish At:2023-06-09 22:03 | Read:799237 | Comments:0 | Tags:Exploits and vulnerabilities News Cisco anyconnect system se

Cisco fixes privilege escalation bug in Cisco Secure Client

Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. Cisco has fixed a high-severity vulnerability, tracked as CVE-2023-20178 (CVSS Score 7.8), found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) that can be exploited by low-privileged, authenticated, local
Publish At:2023-06-08 07:29 | Read:280365 | Comments:0 | Tags:Breaking News Security CISCO Hacking hacking news informatio

A week in security (May 22-28)

Last week on Malwarebytes Labs: Update now: 9 vulnerabilities impact Cisco Small Business Series ChatGPT: Cybersecurity friend or foe? Webinar recap: EDR vs MDR for business success Identity crisis: How an anti-porn crusade could jam the Internet, featuring Alec Muffett: Lock and Code S04E11 Malvertising via brand impersonation is back again Update now! App
Publish At:2023-05-29 22:03 | Read:336822 | Comments:0 | Tags:News Cisco Zyxel ChatGPT Malvertising Apple Google insider t

Update now: 9 vulnerabilities impact Cisco Small Business Series

Vulnerabilities have been found and fixed in the web-based user interface of various Cisco products in the Small Business Series. These nine issues are tied to the web-based user interface of the products, and in a worst case scenario could lead to denial of service (DoS) conditions or arbitrary code execution. Affected products The vulnerabilities affe
Publish At:2023-05-22 22:03 | Read:595852 | Comments:0 | Tags:Business Cisco small business series web interface CVE explo

Critical fixed critical flaws in Cisco Small Business Switches

Cisco fixed nine flaws in its Small Business Series Switches that could be exploited to execute arbitrary code or cause a DoS condition. Cisco has released security updates to address nine security vulnerabilities in the web-based user interface of certain Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to exe
Publish At:2023-05-18 07:28 | Read:299794 | Comments:0 | Tags:Breaking News Security CISCO Cisco Small Business Switches H

Update now! May 2023 Patch Tuesday tackles three zero-days

It’s that time of the month again: We're looking at May's Patch Tuesday roundup. Microsoft has released its monthly update, and while the total number of patched vulnerabilities is relatively low at 38, among them are three zero-day vulnerabilities. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exp
Publish At:2023-05-10 22:02 | Read:548235 | Comments:0 | Tags:Exploits and vulnerabilities News Microsoft CVE-2023-29336 C

Cisco fixed critical flaws in the Industrial Network Director and Modeling Labs solutions

Cisco released security updates to address critical security flaws in its Industrial Network Director and Modeling Labs solutions. Cisco released security updates to address critical security vulnerabilities in the Industrial Network Director and Modeling Labs solutions. An attacker can exploit these vulnerabilities to inject arbitrary operating system
Publish At:2023-04-21 07:27 | Read:511526 | Comments:0 | Tags:Breaking News Security CISCO Hacking hacking news IT Informa

Fancy Bear known to be exploiting vulnerability in Cisco routers

In a joint advisory, the UK National Cyber Security Centre (NCSC), the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released information about APT28’s exploitation of Cisco routers in 2021. Now please don’t stop reading because you think this is old
Publish At:2023-04-20 22:01 | Read:579064 | Comments:0 | Tags:Exploits and vulnerabilities News APT28 Sofacy Fancy Bear GR

Update now! April’s Patch Tuesday includes a fix for one zero-day

It’s Patch Tuesday again. Microsoft and other vendors have released their monthly updates. Among a total of 97 patched vulnerabilities there is one actively exploited zero-day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. The Common Vulnerabilities and Exposures (CV
Publish At:2023-04-12 22:01 | Read:652144 | Comments:0 | Tags:Exploits and vulnerabilities News Microsoft Apple Google Ado

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud