Networking Archives

F5 fixes 12 High severity vulnerabilities in BIG-IP and BIG-IQ products

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / August 7, 2022 August 7, 2022 / BIG-IP, BIG-IQ, CVE-2022-35243, CVE-2022-35728, F5, Networking

F5 has released fixes for 12 High severity vulnerabilities that affect BIG-IP and BIG-IQ products.

Juniper patches multiple vulnerabilities in Junos OS and other products (April 2022)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 14, 2022 April 14, 2022 / Jun OS, Juniper, Networking

Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS and multiple other products.

Sandworm threat actors using new malware Cyclops Blink to target SOHO devices

Cybersecurity Attacks, Malware, Network Security / By Frank Crast / February 25, 2022 February 25, 2022 / Cyclops Blink, Networking, Router, Sandworm, SOHO, VPNFilter

Sandworm threat actors, also known as Voodoo Bear, are now using a new malware dubbed Cyclops Blink, a replacement for VPNFilter malware previously exposed in 2018, to target small office/home office (SOHO) routers and network attached storage (NAS) devices.

Cisco releases Critical security update for multiple vulnerabilities in Small Business RV Routers

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 4, 2022 February 4, 2022 / Cisco, CVE-2022-20699, CVE-2022-20700, CVE-2022-20701, CVE-2022-20703, CVE-2022-20708, Gigabit, Networking, Router, Small Business, VPN, WAN

Cisco has released a Critical security update for multiple vulnerabilities in Small Business RV Routers. Several of those vulnerabilities are rated Critical severity and have the highest rated CVSS score of 10.0.

Cisco fixes 5 High risk Cisco IOS XR Software vulnerabilities in multiple products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 10, 2021 September 11, 2021 / Cisco, CVE-2021-3449, CVE-2021-3450, CVE-2021-34713, CVE-2021-34718, CVE-2021-34719, CVE-2021-34720, CVE-2021-34728, IOS XR, Networking, OpenSSL

Cisco has fixed five High risk Cisco IOS XR Software vulnerabilities in multiple network products, as well as a security update for OpenSSL vulnerabilities.

Netgear patches Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 7, 2021 September 8, 2021 / Demons Cries, Draconian Fear, NETGEAR, Networking, Smart Switch

Researchers have discovered a Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches.

Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature

Authentication, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / September 4, 2021 September 4, 2021 / Cisco, CVE-2021-34746, Networking, NFV, NFVIS, TACACS

Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.

Juniper Networks releases out-of-cycle emergency patch for FragAttack WiFi vulnerability

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 17, 2021 May 17, 2021 / Access Point, CVE-2020-24588, FragAttack, ICASI, Juniper, Juniper Networks, Networking, WiFi

Juniper Networks has released an out-of-cycle emergency patch that fixes a “FragAttack” WiFi vulnerability in Juniper Networks Mist Access Points (APs).

Alert: Attackers exploiting Pulse Connect Secure vulnerabilities (updated)

Cybersecurity Attacks, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / May 1, 2021 May 4, 2021 / CISA, CVE-2019-11510, CVE-2020-8243, CVE-2020-8260, CVE-2021-22893, Networking, PSIRT, Pulse Connect, Pulse Secure

CISA warned attackers continue to exploit Pulse Connect Secure vulnerabilities. The alert was issued after CISA confirmed malicious activity on public and private entity networks. Additional detection methods were also added on April 30.

NAME:WRECK vulnerabilities can break DNS implementations in TCP/IP stacks

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 16, 2021 April 16, 2021 / CVE-2016-20009, CVE-2020-15795, CVE-2020-27009, CVE-2020-7461, DNS, DNSpooq, Forescout, IOT, JSOF, NAME:WRECK, Networking, Ripple20, SIGRed, WRECK

Security researchers have discovered nine vulnerabilities collectively dubbed NAME:WRECK than can break DNS implementations in TCP/IP stacks and lead to denial of service or remote code execution. The experts also provided guidelines to organization on how to fix the issues.