Netgear patches Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches

Researchers have discovered a Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches.

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.

Alert: Attackers exploiting Pulse Connect Secure vulnerabilities (updated)

CISA warned that attackers continue to exploit Pulse Connect Secure vulnerabilities. The alert was issued after CISA confirmed malicious activity on public and private entity networks. Additional detection methods were also added on April 30.

NAME:WRECK vulnerabilities can break DNS implementations in TCP/IP stacks

Security researchers have discovered nine vulnerabilities, collectively dubbed NAME:WRECK, that can break DNS implementations in TCP/IP stacks and lead to denial of service or remote code execution. The experts also provided guidelines to organizations on how to fix the issues.

Critical F5 BIG-IP vulnerability (CVE-2021-22986) under active attack

Security researchers are warning of mass scans and active exploits of a Critical vulnerability on F5 BIG-IP and BIG-IQ infrastructure. F5 patched the Critical remote code execution vulnerability CVE-2021-22986 nearly two weeks ago when the networking company confirmed an unauthenticated attacker could exploit the vulnerability.

Cisco patches AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366)

Cisco has patched a Cisco AnyConnect Secure Mobility Client DLL hijacking vulnerability (CVE-2021-1366). An attacker could remotely exploit some of these vulnerabilities to take control of an impacted system.
