Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical”, 64 are classified as “Important”, one vulnerability is classified as “Moderate.” According to Microsoft none of the vulnerabilities has been publicly disclosed before Patch Tuesday

TALOS
Open in Source
#vulnerability#web#mac#windows#microsoft#cisco#rce#auth
Cisco RV Series Authentication Bypass / Command Injection

This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.

CVE-2019-15126: MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device

**How could an attacker exploit this vulnerability?** For an attacker to exploit this vulnerability, the following conditions must be met: * The attacker must be in physical proximity to the targeted victim. A remote attack is not possible because this vulnerability is at the Wi-Fi layer. * The victim must be using unprotected transports such as plain HTTP. If customers follow the security best practices outlined in the Executive Summary, this vulnerability would be difficult to exploit.

CVE-2023-20076: Cisco Security Advisory: Cisco IOx Application Hosting Environment Command Injection Vulnerability

A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.

Talos Takes 128: Year in Review - Ransomeware and Commodity Loaders Edition

We're back with the final year in review focused episode. This time the focus is on the ever broadening ransomware landscape and the commodity malware loaders that often support it.

Threat Source newsletter (Feb. 9, 2023): Don't let criminals exploit your empathy

Our hearts are with the people of Turkey and Syria and all those impacted by the tragic earthquake. The Cisco Foundation has launched a matching campaign to support local disaster relief organizations.

ActZero Unveils Next-Generation MDR Platform

Latest release gives small and mid-sized enterprises AI-driven analysis tools and unified visibility across IT environments for stronger ransomware protection.