Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google offers hackers $1,000 bounty to hack and fix Play Store apps
October 20, 2017
Google is offering security researchers a $1,000 (£760) bounty if they can successfully hack apps on its Play Store and help fix them. Bug bounty programmes are a popular way for companies to reward hackers who find vulnerabilities in their software and disclose them to developers so they can be fixed rather than exploited. The focus on ...
- Hackers Take Aim at SSH Keys in New Attacks
October 19, 2017
SSH private keys are being targeted by hackers who have stepped up their scanning of thousands of servers hosting WordPress websites in search of private keys. Since Monday, security researchers said they have observed a single entity scanning as many as 25,000 systems a day seeking vulnerable SSH keys to be used to compromise websites. “What ...
- Oracle Patches 250 Bugs in Quarterly Critical Patch Update
October 17, 2017
Oracle patched 250 vulnerabilities across hundreds of different products as part of its quarterly Critical Patch Update released today. Rounding out the list of products with the most patches is Oracle Fusion Middleware with 38, Oracle Hospitality Applications with 37 and Oracle MySQL with 25. Of the critical patches, security researchers at Onapsis said that they identified three high-risk ...
- Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware
October 16, 2017
FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis. The critical ...
- Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible
October 16, 2017
A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a private key just by having a target’s public key. Security experts say ...
- WPA2 Going the Way of WEP After Wi-Fi Researchers Find Critical Flaw
October 16, 2017
The WPA2 (Wi-Fi Protected Access II) protocol that’s used by most Wi-Fi networks today has been compromised, and a way to intercept traffic between computers, phones, and access points has been found. Today’s Internet and network connections rely on specific tools that are taken for granted, most of the time. From time to time, a way ...