Security Alerts & News
by Tymoteusz A. Góral

History
#1502 Cisco warns of command injection flaw in Cloud platform
It’s already been a busy month of patching for Cisco Systems, and on Wednesday the networking giant rolled out nine more security updates addressing critical vulnerabilities across its core product lines.

Most notably, Cisco is warning of two security holes (one rated critical, the other high) found in its Cisco Cloud Services Platform 2100 (CCSP). One could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system. The other is a command injection vulnerability found in the web-based GUI of the CCSP. This critical vulnerability could allow a remote attacker to gain root access privileges on CCSP’s underlying OS and execute arbitrary commands.

In both CCSP cases, Cisco has released software patches to fix the vulnerabilities.
Read more
#1502 Cisco warns of command injection flaw in Cloud platform
#1501 Don’t plug it in! Scammers post infected USB sticks through letterboxes
#1500 A bite of Python
#1499 More than 840,000 Cisco devices are vulnerable to NSA-related exploit
#1498 Bug that hit Firefox and Tor browsers was hard to spot—now we know why
#1497 SWIFT confirms banks still being targeted, announces mitigation tool
#1496 IoT devices being increasingly used for DDoS attacks
#1495 Future attack scenarios against ATM authentication systems
#1494 Massive web attack hits security blogger
#1493 Malware evades detection with novel technique
#1492 Yahoo is expected to confirm a massive data breach, impacting hundreds of millions of users
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12