Network Security Archives - Page 3 of 17

FBI alert: APT actors exploit 0-Day FatPipe VPN vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / November 21, 2021 / 0-day, FatPipe, FBI, MPVPN, VPN

The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.

Palo Alto Networks fixes Critical PAN-OS vulnerability (CVE-2021-3064)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 13, 2021 / CVE-2021-3064, Gateway, GlobalProtect, Palo Alto Networks, PAN-OS, VPN

Palo Alto Networks has fixed a Critical PAN-OS vulnerability (CVE-2021-3064) in GlobalProtect Portal and Gateway Interfaces.

New Proof of Concept tool demos BrakTooth vulnerability exploits

Network Security, Vulnerabilities & Exploits / By Frank Crast / November 8, 2021 / bluetooth, BrakTooth, GitHub, POC

Security researchers have released a new Proof of Concept (PoC) tool that demonstrates BrakTooth vulnerability exploits against Bluetooth-enabled devices.

Cisco SD-WAN command injection vulnerability could lead to code execution as root

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 23, 2021 / ATA, Cisco, CVE-2021-1529, CVE-2021-34698, CVE-2021-34710, CVE-2021-34735, IOS XE, SD-WAN, WSA

Cisco has fixed a High risk Cisco IOS XE SD-WAN Software command injection vulnerability that could allow a hacker to execute code with root privileges. The tech giant also released security updates for Analog Telephone Adapter and Web Security Appliance vulnerabilities.

Juniper patches multiple vulnerabilities in Junos OS and other products (October 2021)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 15, 2021 / Jun OS, Juniper, PTX, QFX, SRX

Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS, PTX Series, QFX Series, SRX Series network devices and multiple other products.

NSA and CISA release guidance on securing remote access VPNs

Access Control, Cybersecurity Articles, Identity & Access Management, Network Security / By Frank Crast / September 29, 2021 / CISA, CNSSP, NSA, TLS, VPN

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet selecting and securing remote access VPNs.

Cisco patches Critical IOS XE and SD-WAN vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 27, 2021 / CVE-2021-1619, CVE-2021-34727, CVE-2021-34770

Cisco has fixed three Critical risk Cisco IOS XE Software vulnerabilities in multiple network products, as well as three High risk SD-WAN vEdge vulnerabilities.

Cisco fixes 5 High risk Cisco IOS XR Software vulnerabilities in multiple products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 10, 2021 / Cisco, CVE-2021-3449, CVE-2021-3450, CVE-2021-34713, CVE-2021-34718, CVE-2021-34719, CVE-2021-34720, CVE-2021-34728, IOS XR, Networking, OpenSSL

Cisco has fixed five High risk Cisco IOS XR Software vulnerabilities in multiple network products, as well as a security update for OpenSSL vulnerabilities.

Netgear patches Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 7, 2021 / Demons Cries, Draconian Fear, NETGEAR, Networking, Smart Switch

Researchers have discovered a Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches.

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Authentication, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 4, 2021 / Cisco, CVE-2021-34746, Networking, NFV, NFVIS, TACACS

Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.