Cisco Patches Serious Vulnerability in ASR 9000 Routers

On Wednesday, Cisco issued patches for 30 flaws, including a grave bug affecting ASR 9000 Series Aggregation Services Routers running IOS XR 64-bit software.

The flaw, tracked as CVE-2019-1710 and containing a CVSS score of 9.8, could allow an unverified, distant attacker to get access to internal applications running on the sysadmin virtual machine (VM).

Continue reading

What You Need to Know About Advanced Persistent Threat (APT)

An advanced persistent threat (APT) is a wide-ranging term used to describe an attack drive in which a trespasser, or a group of trespassers, launches an illegitimate, long-term presence on a network in order to mine highly sensitive data. The targets of these attacks, which are very prudently selected and researched, classically include large enterprises or governmental networks.

Continue reading

SAP and Intel Patch High Severity Vulnerabilities in Their Respective Systems

This week, SAP released 6 Security Notes as part of its April 2019 Security Patch Day, including two that highlight high severity vulnerabilities in Crystal Reports and NetWeaver.

Intel, on the other hand, has released security updates highlighting two high-severity flaws in its Intel Media Software Development Kit (SDK) and Intel NUC mini PC.

Continue reading

Juniper issues update after hardcoded identifications left in switches

Juniper Networks has released an update after discovering hardcoded credentials had been left in some of its datacenter switches.

Designated CVE-2019-0034, the exposed login was found in the Junos Network Agent, a software tool used to manage sensors and other devices that monitor network performance. Precisely, hardcoded credentials were found in Google gRPC, a component used with the Junos Telemetry Interface.

Continue reading