
All news with #cisco tag


Cisco Fixes Actively Exploited Zero-Day in Unified CM, Webex

🔒 Cisco released patches for a critical, actively exploited vulnerability tracked as CVE-2026-20045 that affects multiple Unified Communications products and Webex Calling Dedicated Instance. The flaw (CVSS 8.2) allows unauthenticated remote attackers to execute arbitrary commands via crafted HTTP requests against the web-based management interface. Cisco urged customers to upgrade to fixed releases or apply published patch files; there are no workarounds. The U.S. CISA has added the issue to its KEV catalog with a remediation deadline of February 11, 2026.

Cisco fixes critical Unified Communications RCE zero-day

🔒 Cisco released patches to address a critical remote code execution vulnerability, CVE-2026-20045, actively exploited against Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance. The flaw stems from improper validation of user-supplied input in HTTP requests to the web management interface and can allow an attacker to gain user access and escalate to root. Administrators should apply the version-specific updates or provided .cop patch files immediately, as Cisco reports no available workarounds.

CISA Adds Cisco Code Injection CVE to KEV Catalog (Jan 2026)

🔔 CISA has added CVE-2026-20045, a code injection vulnerability affecting Cisco Unified Communications products, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The agency warns that code injection is a frequent attack vector and poses significant risk to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by the required deadlines. CISA strongly urges all organizations to prioritize timely remediation as part of vulnerability management.

From Arts Degree to Cybersecurity: Rona Spiegel's Path

🔐 Rona Michele Spiegel transitioned from an arts and multimedia background into cybersecurity by blending early human-computer interface work with formal study and hands-on industry experience. She helped establish a user experience practice at Deloitte, worked in technology governance at Cisco, earned a Master of Information and Cybersecurity, and later focused on cloud controls at Wells Fargo before joining Autodesk to lead security and trust for mergers and acquisitions. Spiegel emphasizes careful risk assessment in M&A—especially when absorbing small, resource-constrained companies—while navigating AI-driven complexity, addressing hiring and entry-level gaps, and preventing burnout through inclusive leadership and mentoring.

Cisco patches critical zero-day in email gateway products

⚠️ Cisco has released patches for a critical zero-day, CVE-2025-20393, in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The flaw allows a remote attacker to gain root by sending a crafted HTTP request to the Spam Quarantine interface when it is enabled and reachable from the internet. Cisco first learned of exploitation in December, issued a public advisory on Dec. 17, and has now published fixes to address the issue.

Cisco Patches AsyncOS Zero-Day Targeting SEG/SEWM Appliances

🔒 Cisco has released a fix for a maximum‑severity AsyncOS zero‑day (CVE-2025-20393) that has been exploited since November 2025. The flaw impacts Cisco Secure Email Gateway and Secure Email and Web Manager appliances with non-standard configurations when the Spam Quarantine feature is exposed to the internet, permitting arbitrary command execution as root. Cisco Talos links the intrusions to a Chinese-nexus actor tracked as UAT-9686, which deployed persistence and tunneling implants and a log-wiping utility. CISA has added the vulnerability to its known exploited vulnerabilities catalog and ordered federal remediation under BOD 22-01.

Cisco patches critical AsyncOS RCE exploited by APT

🔒 Cisco has released patches for a maximum-severity remote command execution vulnerability (CVE-2025-20393, CVSS 10.0) in AsyncOS that affects Cisco Secure Email Gateway and Secure Email and Web Manager. The defect stems from insufficient validation of HTTP requests in the Spam Quarantine feature and can allow arbitrary commands to run as root when the feature is enabled and reachable from the internet. Cisco says a China-nexus APT tracked as UAT-9686 exploited the bug in the wild, deploying tunneling tools, a log-cleaner and a Python backdoor, and that fixes remove persistence artifacts. Administrators should apply the provided fixed releases and follow the vendor's hardening guidance to restrict access and monitor for anomalous activity.

Predicting 2026: Cyber Threats, AI Risks, and APTs

🔮 Cisco Talos outlines expectations for cybersecurity in 2026, warning of continued geopolitical-driven campaigns such as infostealers, phishing, and proxy-enabled destructive operations. The briefing highlights the growing risk posed by inadequately governed generative AI agents that could cause breaches or mimic insider threats through flawed design or prompt manipulation. Talos also emphasizes that familiar weaknesses — unpatched systems, leaked credentials, and absent MFA — will remain primary enablers of intrusion. The advisory specifically flags UAT-8837, a medium-confidence China-nexus APT targeting critical infrastructure since 2025, and urges patching, credential hygiene, and proactive hunting.

Incident Response Perspectives with Terryn Valikodath

🔍 Terryn Valikodath, Senior Incident Response Consultant at Cisco Talos, describes a role that blends technical investigation with clear communication and proactive planning. He explains how his team balances developing incident response plans, running tabletop exercises and threat hunts with hands-on reactive investigations and remediation. Terryn highlights the reward of teaching through multi-day cyber range trainings and the satisfaction of helping organizations recover and build trust.

CISOs Name Top 10 Vendors for AI-Enabled Security in 2025

🔒 The CSO 2025 Security Priorities Study asked more than 640 senior security executives to rank leaders in AI-enabled security, and established, name-brand vendors dominated the results. CISOs prioritized product innovation but heavily weighed reputation, breach history, business value, cost, time to integrate, and peer adoption. The top-ranked providers included Cisco, Microsoft, and Google, while MSSPs and cloud-native service providers also gained visibility as teams seek managed incident response.

Cisco ISE XML Parsing Flaw Risks Sensitive Data Exposure

🔒 Cisco has disclosed a vulnerability (CVE-2026-20029) in Cisco ISE and ISE-PIC that could allow an authenticated administrator to read arbitrary files on the server due to improper XML parsing. Proof-of-concept exploit code exists though no active attacks are reported. Cisco assigns CVSS 4.9 (medium). Administrators should rotate credentials, limit who and what can reach ISE, and install the vendor patch as soon as service downtime allows.

China-linked UAT-7290 Targets Telcos via Edge Exploits

🛡️ Cisco Talos warns that a China-linked actor tracked as UAT-7290 has expanded its focus to telecommunications providers in Southeastern Europe. The group leverages Linux-based malware and one-day public exploits against edge network devices, plus targeted SSH brute force, to gain initial access and escalate privileges. UAT-7290 also establishes Operational Relay Boxes (ORBs) that are reused by other China-aligned actors. Talos published technical details and IOCs to help affected organizations respond.

Cisco switches enter reboot loops due to DNS client bug

⚠️ Multiple Cisco switch models are entering reboot loops after an apparent firmware bug in the internal DNS client began treating DNS lookup failures as fatal errors. The problem began around 2 AM; affected devices log fatal DNS_CLIENT errors (for example 'SRCADDRFAIL' when resolving 'www.cisco.com') and then reboot every few minutes, seriously disrupting network operations. Administrators report that affected lines include the CBS, SG and Catalyst C1200/C1300 series. Temporary mitigations include disabling DNS or SNTP on management interfaces or blocking outbound management access while Cisco investigates.

From Resolutions to Response: UAT-7290 APT Disclosure

🔒 Cisco Talos' Threat Source newsletter contrasts personal resolution habits with practical security practices and highlights an important APT disclosure. The post details a new Talos finding on UAT-7290, an espionage-focused actor active since at least 2022 that targets South Asian telecom and network infrastructure using implants named RushDrop, DriveSwitch, and SilentRaid. It urges defenders to apply updated detection signatures, audit and harden internet-facing devices, and ensure incident response plans are ready, while also summarizing notable weekly headlines and telemetry.

China-linked UAT-7290 Targets South Asian Telecoms

📡 Cisco Talos attributes a long-running cyber-espionage campaign to UAT-7290, a China-nexus actor targeting telecommunications providers since at least 2022. The group prioritizes public-facing edge devices in South Asia and has recently expanded activity into Southeastern Europe, using one-day exploits and SSH brute-force to gain persistent footholds. Its Linux-focused toolkit includes RushDrop, DriveSwitch and the modular backdoor SilentRaid, while Bulbature is used to convert compromised systems into relay nodes that can support other China-linked operators.

China-linked UAT-7290 Targets Telecoms, Deploys ORBs

🔍 Cisco Talos attributes espionage-focused intrusions against South Asian and Southeastern European organizations to a China-nexus cluster named UAT-7290. The actor conducts detailed reconnaissance and exploits one-day vulnerabilities and SSH brute force to compromise edge devices, primarily targeting telecommunications providers. UAT-7290 deploys Linux-based tooling including RushDrop, DriveSwitch, and SilentRaid, and uses the Bulbature backdoor to establish Operational Relay Box (ORB) nodes for broader access.

UAT-7290: China-Nexus APT Targeting Telecom Edge Devices

🔍 Cisco Talos discloses UAT-7290, a China‑nexus APT active since at least 2022 that targets telecommunications infrastructure in South Asia and has recently expanded into Southeastern Europe. The actor conducts extensive reconnaissance, uses one‑day exploits and target-specific SSH brute force, and primarily deploys a Linux-centric toolset including RushDrop, DriveSwitch, SilentRaid, and Bulbature. Talos notes UAT-7290 also provisions Operational Relay Box (ORB) nodes that may support other China-nexus operators and provides ClamAV and Snort signatures for detection.

Cisco patches XML parsing flaw in ISE and Snort 3 software

🔒 Cisco has issued updates to address a medium-severity XML parsing vulnerability (CVE-2026-20029, CVSS 4.9) in Identity Services Engine (ISE) and ISE Passive Identity Connector. The flaw in the licensing feature allows an authenticated administrator to upload a crafted file and read arbitrary files from the underlying operating system. Cisco lists specific fixed releases and patches (pre-3.2 must migrate; 3.2/3.3/3.4 have patches; 3.5 not vulnerable), reports no workaround, and acknowledges a public PoC while noting no known in-the-wild exploitation. The advisory also includes fixes for two Snort 3 DCE/RPC issues affecting multiple Cisco products.

Cisco patches ISE flaw after PoC exploit released; update

🔒 Cisco has released patches for an Identity Services Engine (ISE) XML-parsing vulnerability tracked as CVE-2026-20029 that can be abused by remote attackers with valid administrative credentials. The flaw in ISE and ISE Passive Identity Connector allows a crafted XML upload to read arbitrary files on the host. Cisco notes a public proof-of-concept is available and urges customers to upgrade to patched releases rather than rely on temporary mitigations.

UK launches £210M plan to strengthen public cyberdefenses

🔒 The UK is investing more than £210 million to boost cyber defenses across government departments and the wider public sector through a new Government Cyber Action Plan. The initiative creates a dedicated Government Cyber Unit, mandates minimum security standards, and strengthens incident response capabilities. A new Software Security Ambassador Scheme will promote best practices with firms including Cisco, Palo Alto Networks, Sage, NCC Group, and Santander. The plan builds on the Cyber Security and Resilience Bill and earlier measures to curb ransom payments and telecom spoofing.