Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.
As the COVID-19 crisis continues to spread, larger numbers of enterprises and learning organizations are moving meetings and classrooms online via video-teleconferencing (VTC) platforms. The FBI has issued a new warning of recent VTC attacks and also offered guidance on how to better security VTC platforms.
Researchers from FireEye have discovered Chinese cyber threat group APT41 carry out a broad cyber campaign between January 20 and March 11, 2020. The actors have attempted to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products against 75 FireEye customers.
To prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), more organizations are electing to have their employees work remotely from home. With that responsibility, more organizations will need to adopt a heightened level of security to protect themselves from attackers who look to exploit weaknesses in enterprise virtual private networks (VPNs).
Cisco has released security patches for Email Security Appliance, Webex, Prime Network Registrar, Intelligent Proximity and other products. Four of the vulnerabilities are High risk and another eight are rated Medium severity.
Security researchers have discovered a new vulnerability dubbed Kr00k (or "KrØØk") that impacts devices with Broadcom and Cypress Wi-Fi chips.
Cisco has released security updates for multiple products to include IOS, Email Security Appliance, Data Center Network Manager and other products. One of the updates also addresses a critical vulnerability in Cisco's Smart Software Manager On-Prem.
Cisco has released security updates for Webex, IOS, and other products. Two of the vulnerabilities are rated High severity and should be prioritized.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a new warning that attackers continue to target unpatched Pulse Secure VPN systems.
Juniper Networks has released security advisories to fix vulnerabilities on multiple products this week.