RCE Vulnerability found in Cisco Small Business RV Series routers

RCE Vulnerability found in Cisco Small Business RV Series routers

Mar 22, 2022

On April 7th, Cisco released a security advisory announcing the discovery of a vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that could allow for an unauthenticated, remote attacker to execute arbitrary and potentially malicious code on affected devices.

This vulnerability is being caused by improper validation of user-supplied input in the web-based management interface. A malicious threat actor could exploit this vulnerability by sending specially designed HTTP requests to a targeted device. A successful exploit would allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.

At this time, Cisco has not released software updates that will address this vulnerability. There are also no known workarounds that address this vulnerability.

Read More
Countering Microsoft Exchange Vulnerabilities: DOJ Authorizes Warrant to Address Cybercrime Against Americans

Countering Microsoft Exchange Vulnerabilities: DOJ Authorizes Warrant to Address Cybercrime Against Americans

Mar 12, 2022

Learn about Microsoft Exchange vulnerabilities and what this could mean for your organization, how you should respond, and government implications.

Read More
SAP and Onapsis Release Joint Cyber Threat Intelligence Report Citing Malicious Attempts Attack SAP Applications

SAP and Onapsis Release Joint Cyber Threat Intelligence Report Citing Malicious Attempts Attack SAP Applications

Mar 02, 2022

Learn more about the joint cyber threat intelligence report, Active Cyber Attacks on Mission Critical SAP Applications, released April 6th by SAP and Onapsis.

 

Read More
FBI and CISA Release Bulletin Citing Hackers’ On-Going Efforts to Exploit Fortinet Vulnerabilities

FBI and CISA Release Bulletin Citing Hackers’ On-Going Efforts to Exploit Fortinet Vulnerabilities

Feb 10, 2022

On Friday, April 2nd, the United States Federal Bureau of Investigation (FBI) and Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) released a joint bulletin titled APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks announcing that they had observed advanced persistent threat (APT) actors scanning devices and seeking to exploit vulnerabilities in Fortinet’s FortiOS.

Read More

Critical Vulnerabilities in Cisco SD-WAN vManage Software

Jan 10, 2022

On April 7th, Cisco confirmed the existence of multiple vulnerabilities in the Cisco SD-WAN vManage Software that can allow for an unauthenticated, remote attacker to execute arbitrary and potentially malicious code or allow a locally authenticated user to gain escalated privileges on affected systems.

For more information about the full scope of these vulnerabilities, refer to the official Cisco security advisory.

Cisco has released software updates that address and mitigate these vulnerabilities.

Read More

Did the SolarWind attack compromise your data?

Jan 03, 2022

In December 2020, the world saw what Johns Hopkins is calling one of the biggest cyber espionage attacks in history.

SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months.

Read More