#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

networking devices | Breaking Cybersecurity News | The Hacker News

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers

Jul 21, 2022
Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity.  The  most severe of the issues  are CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which impact Cisco Nexus Dashboard for data centers and cloud network infrastructures and could enable an "unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack." CVE-2022-20857  (CVSS score: 9.8) - Cisco Nexus Dashboard arbitrary command execution vulnerability CVE-2022-20858  (CVSS score: 8.2) - Cisco Nexus Dashboard container image read and write vulnerability CVE-2022-20861  (CVSS score: 8.8) - Cisco Nexus Dashboard cross-site request forgery (CSRF) vulnerabili
Cisco Releases Security Patches for Critical Flaws Affecting its Products

Cisco Releases Security Patches for Critical Flaws Affecting its Products

Feb 26, 2021
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted request to the affected API," the company  said  in an advisory published yesterday. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices." The bug, tracked as CVE-2021-1388, ranks 10 (out of 10) on the CVSS vulnerability scoring system and stems from an improper token validation in an API endpoint of Cisco ACI MSO installed the Application Services Engine. It affects ACI MSO versions running a 3.0 release of the software. The ACI Multi-Site Orchestrator lets customers monitor and m
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

Mar 27, 2020
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report , at least two separate groups of hackers exploited two critical remote command injection vulnerabilities ( CVE-2020-8515 ) affecting DrayTek Vigor enterprise switches, load-balancers, routers and VPN gateway devices to eavesdrop on network traffic and install backdoors. The zero-day attacks started somewhere at the end of last November or at the beginning of December and are potentially still ongoing against thousands of publicly exposed DrayTek switche s, Vigor 2960, 3900, 300B devices that haven't yet been patched with the latest firmware updates released last month. The zero-day vulnerabilities in question can be exploited by any unauthorized remote attackers to inject and execute arbitrary commands on the system, as als
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Cybersecurity Resources