Network Security - Securezoo

Sophos Firewall RCE vulnerability (CVE-2022-3236) exploited the wild

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 23, 2022 September 23, 2022 / CISA, CVE-2022-3236, Firewall, Sophos, Webadmin, Zoho

Sophos has fixed a Sophos Firewall remote code execution (RCE) vulnerability (CVE-2022-3236) exploited in the wild.

Mirai variant MooBot botnet targets multiple D-Link flaws

Cybersecurity Attacks, Malware, Network Security, Vulnerabilities & Exploits / By Frank Crast / September 11, 2022 September 11, 2022 / botnet, CVE-2015-2051, CVE-2018-6530, CVE-2022-26258, CVE-2022-28958, Cybersecurity Threat Center, D-Link, Mirai, MooBot

Security researchers from Palo Alto Networks Unit 42 have discovered a Mirai botnet variant dubbed “MooBot” that targets multiple D-Link flaws and exposed networking devices running Linux.

Cisco releases Critical advisory for Small Business RV routers

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / August 7, 2022 August 7, 2022 / CVE-2022-20827, CVE-2022-20841, CVE-2022-20842, Router, Small Business, SMB, VPN, WAN

Cisco has released a Critical security update for three vulnerabilities in Small Business RV Routers. An unauthenticated, remote attacker could execute arbitrary code or cause a denial of service (DoS) condition on an unpatched device.

Cisco patched 3 Nexus Dashboard Unauthorized Access Vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 25, 2022 July 26, 2022 / Cisco, CVE-2022-20857, CVE-2022-20858, CVE-2022-20861, Nexus

Cisco has released a Critical severity security advisory for three Nexus Dashboard unauthorized access vulnerabilities.

ZuoRAT targets SOHO devices to launch sophisticated multi-stage cyber attacks

Cybersecurity Attacks, Malware, Network Security / By Frank Crast / July 8, 2022 July 8, 2022 / ASUS, Black Lotus Labs, Cisco, CVE-2020-26878, CVE-2020-26879, Cybersecurity Attack, Cybersecurity Threat Center, DrayTek, Lumen, NETGEAR, Python, Small Office, SOHO, ZuoRAT

Threat actors are using a multi-stage malware dubbed ZuoRAT to exploit small office/home office (SOHO) routers and launch sophisticated attacks against North American and European networks.

Cisco patches Critical Cisco Expressway Series and Cisco TelePresence Video Communication Server vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 7, 2022 July 7, 2022 / Cisco, CVE-2022-20812, CVE-2022-20813, TelePresence

Cisco has released a Critical severity security advisory for Cisco Expressway Series and Cisco TelePresence Video Communication Server vulnerabilities (CVE-2022-20812 and CVE-2022-20813).

Attackers could exploit Critical F5 BIG-IP vulnerability to execute arbitrary commands

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 15, 2022 May 15, 2022 / BIG-IP, CVE-2022-1388, iControl, REST

Unauthenticated attackers could exploit a Critical BIG-IP iControl REST vulnerability CVE-2022-1388 to execute arbitrary system commands, create or delete files, or disable services on BIG-IP systems.

Cisco issues security updates for Spring Framework, Firepower and IOS XR software

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 29, 2022 April 30, 2022 / Cisco, Firepower, IOS XR, Spring, Spring4Shell

Cisco has released a security updates for Spring Framework (“Spring4Shell”), Firepower Management Center (FMC) and IOS XR software that address Critical and High severity vulnerabilities.

Cisco issues Critical security updates for Spring Framework vulnerability

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 14, 2022 April 14, 2022 / Cisco, CVE-2022-22965, Spring, Spring4Shell, VMware

Cisco has issued an updated Critical security advisory for a Spring Framework vulnerability CVE-2022-22965 that affects multiple Cisco products. The networking giant also released a security update for a Critical LAN wireless controller vulnerability.

Juniper patches multiple vulnerabilities in Junos OS and other products (April 2022)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 14, 2022 April 14, 2022 / Jun OS, Juniper, Networking

Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS and multiple other products.