Security Alerts & News
by Tymoteusz A. Góral

#961 Cisco won’t patch critical RV wireless router vulnerability until Q3
Cisco has alerted users of vulnerabilities in the web interface of its RV series of wireless VPN firewalls and routers that allow for remote code execution.

The networking giant, however, isn’t planning on releasing firmware updates until the third quarter, Cisco said. Cisco says it is not aware of public attacks against these vulnerabilities, but users will remain exposed until at least September; workarounds are not available either.

“The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data,” Cisco said in its advisory. “An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks.”

Cisco said the RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router are affected.
Read more
#963 The average cost of a data breach is now $4 million
#962 FBI raids spammer outed by KrebsOnSecurity
#961 Cisco won’t patch critical RV wireless router vulnerability until Q3
#960 Like macros before it, attackers shifting to OLE to spread malware
#959 BadTunnel bug hijacks network traffic, affects all Windows versions
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12