#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

cisco networking | Breaking Cybersecurity News | The Hacker News

Price Dropped: Get Lifetime Access to Cisco Certification Courses 2019

Price Dropped: Get Lifetime Access to Cisco Certification Courses 2019

Aug 12, 2019
With the migration of governments and enterprises towards controller-based architectures, the role of a core network engineer has become more important than ever. Today, majority of interconnected wide area networks (WANs) and local area networks (LANs) in the world run on Cisco routers and other Cisco networking equipment, and therefore most organizations need network engineers to maintain and program these networks. So, if you are looking forward to making career advancement in networking, then Cisco's CCNA and CCNP certifications are one of the most highly reputed entry-level networking certifications in the industry. While CCNA, or Cisco Certified Network Associate, is for entry-level network engineers to maximize their foundational networking knowledge, CCNP or Cisco Certified Network Professional is intended for professionals to implement, maintain and plan Cisco's wide range of high-end network solution products. But how long have you wanted to take CCNA and
Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers

Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers

Mar 08, 2018
A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. Cisco Prime Collaboration Provisioning (PCP) application allows administrators to remotely control the installation and management of Cisco communication devices (integrated IP telephony, video, voicemail) deployed in the company and services for its subscribers. The vulnerability (CVE-2018-0141) is due to a hard-coded password for Secure Shell (SSH), which could be exploited by a local attacker to connect to the PCP's Linux operating system and gain low-level privileges. Cisco PCP Hard-Coded Password Flaw According to an advisory released by Cisco, with low-level privileges, an attacker could then elevate its privileges to root and take full control of the affected devices. Although this vulnerability has been given a Common Vulnerability Scoring System (CVSS) bas
Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models

Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models

Mar 20, 2017
Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models. The company identified this highest level of vulnerability in its product while analyzing " Vault 7 " — a roughly 8,761 documents and files leaked by Wikileaks last week, claiming to detail hacking tools and tactics of the Central Intelligence Agency (CIA). The vulnerability resides in the Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software. If exploited, the flaw ( CVE-2017-3881 ) could allow an unauthenticated, remote attacker to cause a reboot of an affected device or remotely execute malicious code on the device with elevated privileges to take full control of the device, Cisco says in its  advisory . The CMP protocol has been designed to pass around information about switch clusters between cluster members using Telnet or SSH. The vulnerability is in the default configuration of affected Cisco devices,
cyber security

Demonstrate Responsible AI: Get the ISO 42001 Compliance Checklist from Vanta

websiteVantaCompliance / Security Audit
ISO 42001 helps organizations demonstrate trustworthy AI practices in accordance with global standards. With Vanta, completing the requirements for ISO 42001 compliance can be done in a fraction of the time. Download the checklist to get started.
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if
Cisco finds new Zero-Day Exploit linked to NSA Hackers

Cisco finds new Zero-Day Exploit linked to NSA Hackers

Sep 20, 2016
Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA's hacking exploits and implants leaked by the group calling itself " The Shadow Brokers ." Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA's Equation Group, which was designed to target major vendors including, Cisco, Juniper, and Fortinet. A hacking exploit, dubbed ExtraBacon , leveraged a zero-day vulnerability (CVE-2016-6366) resided in the Simple Network Management Protocol (SNMP) code of Cisco ASA software that could allow remote attackers to cause a reload of the affected system or execute malicious code. Now Cisco has found another zero-day exploit , dubbed "Benigncertain," which targets PIX firewalls. Cisco analyzed the exploit and noted that it had not identified any new flaws related to this exploit in its current products. But,
Hackers Backdooring Cisco WebVPN To Steal Customers’ Passwords

Hackers Backdooring Cisco WebVPN To Steal Customers' Passwords

Oct 09, 2015
Virtual Private Networks (VPNs) , which is widely used by many businesses and organisations to provide secure access to their workers, are being abused to pilfer corporate user credentials. Researchers from security firm Volexity discovered a new attack campaign that targets a widely used VPN product by Cisco Systems to install backdoors that collect employees' usernames and passwords used to login to corporate networks. The product in question is Cisco Systems' Web-based VPN – Clientless SSL VPN . Once an employee is authenticated, Clientless SSL VPNs allows him/her to access internal web resources, browse internal file shares, and launch plug-ins, which let them access internal web resources through telnet, SSH, or similar network protocols. The backdoor contains malicious JavaScript code that attackers used to inject into the login pages. Once injected, the backdoor is hard to detect because the malicious JavaScript is hosted on an external compromised
Cisco to Buy OpenDNS Company for $635 Million

Cisco to Buy OpenDNS Company for $635 Million

Jul 01, 2015
Cisco, a networking giant that offers traditional network edge protection, has announced that the company is buying cloud-based security company OpenDNS for $635 Million . Yes, OpenDNS , whose Domain Name Services (DNS) you might have used to avoid regional restrictions or to improve your Internet connection. However, Cisco is not making the acquisition of OpenDNS for any of the above reasons. Instead, the networking giant says it will boost its own cloud security, adding "broad visibility and threat intelligence from the OpenDNS cloud-delivered platform." The aim is to offer you the protection against cyber attacks on your corporate network from any device, anywhere, anytime, and to predict threats before they strike. Hilton Romanski , who leads business development at Cisco, wrote in his blog post : "The acquisition will extend our ability to provide customers enhanced visibility and threat protection for unmonitored and potentially unsecure entry
Expert Insights
Cybersecurity Resources