For providers

Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device. CISA urges organizations running Cisco IOS XE Web UI to review CISA’s guidance and immediately implement the mitigations outlined in: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature Cisco Talos blog: Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities These mitigations include disabling the HTTP Server feature on internet-facing systems, and hunt for malicious activity on their network.

A 2023. 42. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2023.10.03. és 2023.10.19. között kezelt incidensek statisztikai adatait is tartalmazza.

We all know to look out for phishing emails, but sometimes these scams can catch us off guard. Learn to identify minute details that, when brought together, shine light on a larger attack.

VMware released advisories VMSA-2023-0021 and VMSA-2023-0022 that have been rated as important. They are as follows:

While we’ve seen an unsettling surge in the number of zero-days targeting Apple devices, security pros must look more broadly and understand how the Apple zero-days fit into the full context of cyber threats and espionage.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

More threat actors have been exploiting QR codes to facilitate advanced phishing attacks, reports SiliconAngle.

Subjecting payment systems around the world to a catastrophic cyberattack could result in a $3.5 trillion loss in global gross domestic product over a five-year period, according to The Record, a news site by cybersecurity firm Recorded Future.