F5 fixes 12 High severity vulnerabilities in BIG-IP and BIG-IQ products
F5 has released fixes for 12 High severity vulnerabilities that affect BIG-IP and BIG-IQ products.
Networking
Juniper patches multiple vulnerabilities in Junos OS and other products (April 2022)
Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS and multiple other products.
Sandworm threat actors using new malware Cyclops Blink to target SOHO devices
Sandworm threat actors, also known as Voodoo Bear, are now using a new malware dubbed Cyclops Blink, a replacement for VPNFilter malware previously exposed in 2018, to target small office/home office (SOHO) routers and network attached storage (NAS) devices.
Cisco releases Critical security update for multiple vulnerabilities in Small Business RV Routers
Cisco has released a Critical security update for multiple vulnerabilities in Small Business RV Routers. Several of those vulnerabilities are rated Critical severity and have the highest rated CVSS score of 10.0.
Cisco fixes 5 High risk Cisco IOS XR Software vulnerabilities in multiple products
Cisco has fixed five High risk Cisco IOS XR Software vulnerabilities in multiple network products, as well as a security update for OpenSSL vulnerabilities.
Netgear patches Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches
Researchers have discovered a Critical authentication bypass vulnerability and two other flaws in multiple models of some Smart Switches.
Cisco fixes a Critical authentication bypass vulnerability in NFV Infrastructure Software TACACS+ AAA feature
Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.
Juniper Networks releases out-of-cycle emergency patch for FragAttack WiFi vulnerability
Juniper Networks has released an out-of-cycle emergency patch that fixes a “FragAttack” WiFi vulnerability in Juniper Networks Mist Access Points (APs).
Alert: Attackers exploiting Pulse Connect Secure vulnerabilities (updated)
CISA warned attackers continue to exploit Pulse Connect Secure vulnerabilities. The alert was issued after CISA confirmed malicious activity on public and private entity networks. Additional detection methods were also added on April 30.
NAME:WRECK vulnerabilities can break DNS implementations in TCP/IP stacks
Security researchers have discovered nine vulnerabilities collectively dubbed NAME:WRECK than can break DNS implementations in TCP/IP stacks and lead to denial of service or remote code execution. The experts also provided guidelines to organization on how to fix the issues.