Cisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability (CVE-2020-3580). Proof of concept (PoC) exploit code has also been released to the public.


Cisco patches vulnerabilities in SD-WAN, Small Business routers and other products

Cisco has patched multiple vulnerabilities in Cisco SD-WAN, Small Business routers, Unified Communications Products and Advanced Malware Protection. Two of those vulnerabilities (CVE-2021-1479, CVE-2021-1459) are rated Critical.


Cisco patches AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366)

Cisco has patched a Cisco AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366). An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.


CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that the recent compromise of SolarWinds by threat actors poses a 'grave risk' to critical infrastructure, government and private sector organizations.
