CyberAlerts

New “VIP” XorDDoS Malware Targets U.S. in Global Botnet Expansion

Description: A newly upgraded version of a long-running malware strain called XorDDoS is being used to launch powerful distributed denial-of-service (DDoS) attacks, with the United States emerging as the primary target. According to new research from Cisco Talos, over 70% of attempted attacks using the XorDDoS malware between late 2023 and early 2025 were aimed at … The post New “VIP” XorDDoS Malware Targets U.S. in Global Botnet Expansion appeared first on CyberInsider.

Source: CyberInsider

April 17th, 2025 (about 4 hours ago)

Unmasking the new XorDDoS controller and infrastructure

Description: Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

Source: Cisco Talos Blog

April 17th, 2025 (about 9 hours ago)

CVE-2025-20178

Cisco Secure Network Analytics Privilege Escalation Vulnerability

Description: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-prvesc-4BQmK33Z Security Impact Rating: Medium CVE: CVE-2025-20178

Source: Cisco Security Advisory

April 16th, 2025 (1 day ago)

CVE-2025-20236

Cisco Webex App Client-Side Remote Code Execution Vulnerability

Description: A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient input validation when Cisco Webex App processes a meeting invite link. An attacker could exploit this vulnerability by persuading a user to click a crafted meeting invite link and download arbitrary files. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the targeted user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-client-rce-ufyMMYLC Security Impact Rating: High CVE: CVE-2025-20236

Source: Cisco Security Advisory

April 16th, 2025 (1 day ago)

CVE-2025-20150

Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability

Description: A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts. This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-unenum-2xFFh472 Security Impact Rating: Medium CVE: CVE-2025-20150

Source: Cisco Security Advisory

April 16th, 2025 (1 day ago)

Eclipse and STMicroelectronics vulnerabilities

Description: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.

Source: Cisco Talos Blog

April 16th, 2025 (1 day ago)

CVE-2011-4023

Cisco NX-OS Allocation of Resources Without Limits or Throttling (CVE-2011-4023)

Description: Tenable OT Security Plugin ID 503154 with High Severity Synopsis The remote OT asset is affected by a vulnerability. Description Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.This plugin only works with Tenable.ot.Please visit https://www.tenable.com/products/tenable-ot for more information. Solution Refer to the vendor advisory. Read more at https://www.tenable.com/plugins/ot/503154

Source: Tenable Plugins

April 11th, 2025 (6 days ago)

CVE-2003-1109

Cisco IP Phones Denial of Service (CVE-2003-1109)

Description: Tenable OT Security Plugin ID 503155 with High Severity Synopsis The remote OT asset is affected by a vulnerability. Description The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.This plugin only works with Tenable.ot.Please visit https://www.tenable.com/products/tenable-ot for more information. Solution Refer to the vendor advisory. Read more at https://www.tenable.com/plugins/ot/503155

Source: Tenable Plugins

April 11th, 2025 (6 days ago)

CVE-2008-4444

Cisco IP Phones Improper Input Validation (CVE-2008-4444)

Description: Tenable OT Security Plugin ID 503156 with High Severity Synopsis The remote OT asset is affected by a vulnerability. Description Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.This plugin only works with Tenable.ot.Please visit https://www.tenable.com/products/tenable-ot for more information. Solution Refer to the vendor advisory. Read more at https://www.tenable.com/plugins/ot/503156

Source: Tenable Plugins

April 11th, 2025 (6 days ago)

CVE-2011-2545

Cisco IP Phones Improper Neutralization of Input During Web Page Generation (CVE-2011-2545)

Description: Tenable OT Security Plugin ID 503157 with Medium Severity Synopsis The remote OT asset is affected by a vulnerability. Description Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.This plugin only works with Tenable.ot.Please visit https://www.tenable.com/products/tenable-ot for more information. Solution Refer to the vendor advisory. Read more at https://www.tenable.com/plugins/ot/503157

Source: Tenable Plugins

April 11th, 2025 (6 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: