Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems

The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.

DARKReading
Open in Source
#web#cisco#ddos#dos#intel#auth
Cisco IOS XE vulnerability widely exploited in the wild

Categories: Exploits and vulnerabilities Categories: News Tags: Cisco Tags: IOS X Tags: remote management Tags: vulnerability Tags: CVE-2023-20198 Tags: webUI Tags: http server Tags: http secure-server Researchers have found that a recently disclosed vulnerability in Cisco IOS XE has already rendered thousands of compromised devices. (Read more...) The post Cisco IOS XE vulnerability widely exploited in the wild appeared first on Malwarebytes Labs.

Data Security and Collaboration in the Modern Enterprise

The "CISO Survival Guide" explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.

Zero-Day Alert: Thousands of Cisco IOS XE Systems Now Compromised

Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.

Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help

As the adoption of digital technologies increases, the volume of log data grows, which makes it challenging for cybersecurity teams to identify which logs are most valuable when investigating and analyzing threats.

Snapshot fuzzing direct composition with WTF

Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is assigned as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system. It’s worth pointing out that the shortcoming only affects enterprise networking gear that have

New Cisco Web UI Vulnerability Exploited by Attackers

By Waqas Another day, another critical vulnerability hits Cisco! This is a post from HackRead.com Read the original post: New Cisco Web UI Vulnerability Exploited by Attackers

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

CVE-2023-20198: Cisco Security Advisory: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory  Cisco will provide updates on the status of this investigation and when a software patch is available.