Cisco ASA Exploited in the Wild: FXOS, NX-OS Get High-Priority Patches

Cisco ASA Exploited in the Wild: FXOS, NX-OS Get High-Priority Patches

|
Cisco released a high-severity patch update for CVE-2018-0296 on June 22 which affects the Adaptive Security Appliance (ASA). There’s no time to waste in deploying this patch, as the company’s advisory notes it is currently being exploited in the wild. The ASA patch, which addresses the lack of proper input ... Read More
Critical Cisco Secure Access Control System (ACS) Vulnerability

Critical Cisco Secure Access Control System (ACS) Vulnerability

|
Researchers at Positive Technologies discovered a serious flaw (CVE-2018-0253) in Cisco’s Secure Access Control System (ACS). System administrators use Cisco ACS to authenticate users across the network. The vulnerability allows external access to the Cisco ACS web interface, thereby allowing attackers to possibly gain unrestricted access to the internal network ... Read More
Adobe Flash Player Has (Another) Critical Zero-Day Vulnerability

Adobe Flash Player Has (Another) Critical Zero-Day Vulnerability

|
The Adobe Flash Player is widely adopted and a choice target for attackers given its history with vulnerabilities and the potential footprint exploits can have. Adobe consistently provides security updates for critical vulnerabilities. However, CVE-2018-5002 is the second zero-day vulnerability in Adobe Flash Player this year (the earlier one being ... Read More
Zip Slip Critical Archive Extraction Vulnerability

Zip Slip Critical Archive Extraction Vulnerability

|
Security slipup with Zip SlipYesterday, the Snyk Security team released information about a widespread archive extraction vulnerability known as Zip Slip. Zip Slip allows cyberattackers to write arbitrary files on the system, potentially permitting remote command execution. Zip Slip is a combination of “arbitrary file overwrite” and “directory traversal” weaknesses ... Read More
Spectre And Meltdown Still Haunting Intel/AMD

Spectre And Meltdown Still Haunting Intel/AMD

|
The ongoing saga of the Spectre and Meltdown vulnerabilities has just taken a new turn. Discovered by Google Project Zero (GPZ) with the help of others, the attacks affected everything from desktops, laptops and mobile devices to infrastructure-as-a-service. These flaws are present in nearly all modern microprocessors and could allow ... Read More
Advisory: Red Hat DHCP Client Command Injection Trouble

Advisory: Red Hat DHCP Client Command Injection Trouble

|
On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The vulnerability was discovered by Google engineer Felix Wilhelm. The proof of concept for the command injection vulnerability CVE-2018-1111 is so ... Read More
ADVISORY: Efail...PGP Has an Email Problem?

ADVISORY: Efail…PGP Has an Email Problem?

|
Email continues to be one of the most popular ways to communicate in the world today. And given the rapidly evolving threat landscape, email encryption has never been more critical. Pretty Good Privacy (PGP) has long been a trusted platform for encrypted messaging and remains a popular method of sending ... Read More
ADVISORY: Intel...Simply Misunderstood?

ADVISORY: Intel…Simply Misunderstood?

|
To close numerous security gaps, Microsoft, Adobe, Apple, Red Hat, Xen, VMware and other vendors have released a number of patches in the first 10 days of May. We discussed some of these in our recent blog post, Microsoft May Madness. However, one issue that stands out because it impacts ... Read More
Why Are You Still Using IE? Double Kill Is Just the Latest Issue

Why Are You Still Using IE? Double Kill Is Just the Latest Issue

|
Microsoft's legacy browser Internet Explorer (IE) has been used for almost three decades, but not without issues. IE has been so plagued with security problems that Microsoft built a new, more secure browser called Edge. But there are still some issues. Edge’s forward-leaning technology doesn’t support some of IE’s legacy ... Read More
Cisco Smart Install - How to Prevent Attacks on Switches

Cisco Smart Install – How to Prevent Attacks on Switches

|
There’s been a flurry of activity around the Cisco Smart Install feature recently. Last week, we posted a tech blog about CVE-2018-0171, a critical vulnerability in Cisco’s Smart Install feature that called for immediate mitigation as proof-of-concept code was released publicly. Now, a wave of attacks has moved through data ... Read More
Loading...