Cisco has patched a critical vulnerability in the REST API of Cisco’s Elastic Services Controller that could lead to an attacker bypassing authentication on the REST API.
Cisco released security updates to patch a critical “SSH Key” vulnerability in Cisco Nexus 9000 series software as well as 22 High and 18 Medium severity bugs in multiple products, such as Cisco’s Web Security Appliance, Umbrella, Adaptive Security Appliance, Firepower, Small Business routers and others.
Cisco released security updates to patch critical vulnerabilities in multiple Cisco IOS products as well as high severity bugs in Cisco Wireless LAN, IOS, and other products. Two advisories have been updated with known public vulnerability exploits as recently evealed in Sea Turtle DNS hijacking campaign.
Cisco’s Talos security team has observed ongoing malware distribution campaigns that use a new version of a keylogger and password stealer “HawkEye Reborn v9.”
Multiple VPN applications are vulnerable to not properly encrypting sensitive data and insecurely storing session cookies.