Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

CVE-2022-21184: TALOS-2022-1461 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CVE
#vulnerability#web#mac#cisco#intel
Researchers Uncover 'Hermit' Android Spyware Used in Kazakhstan, Syria, and Italy

An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front

Here’s Why You’re Still Stuck in Robocall Hell

Despite major progress fighting spam and scams, the roots of the problem go far deeper than your phone company’s defenses.

BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield

Update allows BlastShield users to link with hybrid cloud network providers like AWS, Google, and the most recent addition, Azure, in one secure environment.

Threat Source newsletter (June 16, 2022) — Three top takeaways from Cisco Live

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’m still decompressing from Cisco Live and the most human interaction I’ve had in a year and a half.   But after spending a few days on the show floor and interacting with everyone, there are a... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication

Cisco on Wednesday rolled out fixes to address a critical security flaw affecting Email Security Appliance (ESA) and Secure Email and Web Manager that could be exploited by an unauthenticated, remote attacker to sidestep authentication. Assigned the CVE identifier CVE-2022-20798, the bypass vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring system and stems from improper

Cisco’s Ash Devata on the Future of Secure Access

Ash Devata, Vice President & General Manager, Cisco Zero Trust and Duo Security, sits down with Dark Reading’sTerry Sweeney for a Fast Chat on the future of secure access.

Vulnerability Spotlight: Vulnerabilities in Anker Eufy Homebase could lead to code execution, authentication bypass

Lilith >_> of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.  Cisco Talos recently discovered three vulnerabilities in the Anker Eufy Homebase 2.  The Eufy Homebase 2 is the video storage and networking gateway that works with Anker’s Eufy Smarthome ecosystem.... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-20819: Cisco Security Advisory: Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration.

CVE-2022-20817: Cisco Security Advisory: Cisco IP Phone Duplicate Key Vulnerability

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.