#cisco

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front

Despite major progress fighting spam and scams, the roots of the problem go far deeper than your phone company’s defenses.

Update allows BlastShield users to link with hybrid cloud network providers like AWS, Google, and the most recent addition, Azure, in one secure environment.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.   But after spending a few days on the show floor and interacting with everyone, there are a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper

Ash Devata, Vice President & General Manager, Cisco Zero Trust and Duo Security, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the future of secure access.

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2.  The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem.... [[ This is only the beginning! Please visit the blog for the complete entry ]]

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration.

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.