#cisco

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability.

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) and

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm. "

Welcome to this week’s edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest – that feeling that I think most, if not all, Threat Source readers get at this time of year. That's

Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several countries around the world.

Did you miss our livestream focused on the Ukraine topics presented in the Cisco Talos Year in Review report? Join host Hazel Burton and special guests Kendall McKay, Nick Randolph, and Vanja Svajcer as they discuss Talos' now-years-long critical infrastructure effort in Ukraine.

Piotr Bania of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a memory corruption vulnerability in PowerISO. TALOS-2022-1644 (CVE-2022-41992) is a memory corruption vulnerability that exists in the VHD File Format parsing functionality of PowerISO 8.3. A specially crafted file can lead to an out-of-bounds write. A victim

After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.

Cisco's annual Security Outcomes Report shows executive support for a security culture is growing. It identifies the top seven success factors that boost enterprise security resilience, with a focus on cultural, environmental, and solution-based factors that businesses leverage to achieve security.

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.