vulnerability

Cisco releases security patch for actively exploited zero-day vulnerability in Nexus switches.

by
Cisco releases security patch for actively exploited zero-day vulnerability in Nexus switches.

Cisco has released patches for several Nexus switch series to address a vulnerability that allows attackers to execute bash commands in the underlying operating system by exploiting an insufficient validation of arguments passed with configuration commands. This flaw, identified as CVE-2024-20399, affects various Cisco switches including MDS 9000 Series Multilayer Switches, Nexus 3000 Series Switches, … Read more

Cisco addresses vulnerability in NX-OS Nexus switch software through patching zero-day issue

by
Cisco addresses vulnerability in NX-OS Nexus switch software through patching zero-day issue

Cisco has recently patched a medium severity zero-day vulnerability in the command-line interface (CLI) of their Nexus operating system (NX-OS) software. This vulnerability could potentially allow an attacker with valid administrator credentials for the Nexus console to execute arbitrary commands on the Linux operating system with root privileges. In their advisory released on July 1st, … Read more

No break for the resilient as Cisco Nexus switches malfunction due to new zero-day vulnerability

by
No break for the resilient as Cisco Nexus switches malfunction due to new zero-day vulnerability

Cisco switch owners should be aware of a just-released patch for a vulnerability that was exploited in April to install malware on Nexus switches. The vulnerability, known as CVE-2024-20399, allows local authenticated attackers to execute arbitrary commands as root. While the severity rating is moderate at 6.0, the exploit was used by a group called … Read more

Intel CPU Vulnerability: Indirect Injection Attack Resulting in Exposed Sensitive Data

by
Intel CPU Vulnerability: Indirect Injection Attack Resulting in Exposed Sensitive Data

Security researchers at the University of California have discovered a new high-precision attack called “Indirector” that targets vulnerabilities in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) of high-end Intel CPUs like Raptor Lake and Alder Lake. This attack bypasses current defenses and compromises CPU security by exploiting weaknesses in these components. The … Read more

Urgent: Cisco Zero-Day Vulnerability Targeted by Chinese APT Group – Update Immediately

by
Urgent: Cisco Zero-Day Vulnerability Targeted by Chinese APT Group – Update Immediately

Cisco has fixed an issue in a network management platform that allows attackers to execute commands on affected devices’ operating systems. The flaw, known as CVE-2024-20399 and rated as medium risk, can be exploited by authenticated users. The bug is located in the Cisco NX-OS Software CLI, enabling attackers to run arbitrary commands as root. … Read more

Chinese hackers exploit novel Cisco NX-OS zero-day vulnerability

by
Chinese hackers exploit novel Cisco NX-OS zero-day vulnerability

A recent security threat has emerged as Chinese hackers have been found exploiting a new zero-day vulnerability in Cisco NX-OS. This hacking activity was reported by SC Media, revealing concerns about potential cyber attacks on an undetermined scale. The zero-day vulnerability in Cisco NX-OS poses a significant risk to organizations and individuals who use this … Read more

Vulnerability in Intel CPUs Allows for Indirector Injection Attack Resulting in Sensitive Data Breach

by
Intel CPU Vulnerability: Indirect Injection Attack Resulting in Exposed Sensitive Data

Researchers from the University of California have introduced a new high-precision Branch Target Injection (BTI) attack called “Indirector” that targets vulnerabilities in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) of Intel CPUs, specifically those from the Raptor Lake and Alder Lake generations. The attack, named Indirector, was developed by security researchers Luyi … Read more

New Intel CPU Vulnerability ‘Indirector’ Discloses Sensitive Information

by
New Intel CPU Vulnerability ‘Indirector’ Discloses Sensitive Information

In recent news, security researchers have discovered a new vulnerability in modern Intel CPUs, including Raptor Lake and Alder Lake, that could allow attackers to leak sensitive information from the processors. The attack, known as “Director” and identified by researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, exploits weaknesses in the Indirect Branch Predictor (IBP) … Read more

SecurityWeek: Cisco Releases Patch for Zero-Day Vulnerability in NX-OS Targeted by Chinese Hackers

by

Cisco recently released a patch for a zero-day vulnerability in its NX-OS operating system that was exploited by Chinese cyber spies. The vulnerability allowed attackers to remotely execute malicious code on affected devices. The exploitation of this vulnerability was reportedly part of a larger cyber espionage campaign conducted by Chinese threat actors. Cisco’s prompt response … Read more

Take Immediate Action: Cisco Switches Vulnerable to Remote Takeover due to Zero-Day Vulnerability

by
Take Immediate Action: Cisco Switches Vulnerable to Remote Takeover due to Zero-Day Vulnerability

Cisco recently addressed a critical zero-day vulnerability in its NX-OS software that was exploited in April attacks by the Chinese state-sponsored threat actor known as Velvet Ant. The vulnerability, tracked as CVE-2024-20399, allowed attackers with valid administrator credentials to execute arbitrary commands on affected devices. Velvet Ant used this flaw to install custom malware on … Read more