Updated on July 7th, 2020: The Cyber Fusion Center has learned that the original mitigation guidance provided by F5 was incomplete and has been bypassed.
Author: Francisco Donoso
Francisco Donoso leads the Managed Security Services Architecture team here at Kudelski Security.
Critical Vulnerabilities Cisco Smart Install Actively Exploited to Cause Mass Network Outages (CVE-2018-0171 & CVE-2018-0156)
Summary The Cyber Fusion Center has learned of malicious, seemly automated, exploitation of recent Cisco IOS and Cisco IOS XE critical vulnerabilities (CVE-2018-0171 & CVE-2018-0156)
CVE-2018-010 – Cisco Updates Advisory Regarding Critical Remote Code Execution and Denial of Service Vulnerabilities in ASA and FTD software
Summary On February 5th, 2018 Cisco updated an existing vulnerability advisory for CVE-2018-010 due to newly discovered attack vectors and because the original software fix
Meltdown & Spectre Attacks on CPU Flaws
Summary On January 3rd 2018, several hardware flaws affecting modern processors were publicly disclosed by security researchers. These flaws are exploitable by attacks nicknamed “Meltdown”
Key Reinstallation Attacks (KRACK) affecting WPA Protocol – Advisory
Summary On October 16th, several vulnerabilities affecting the Wi-Fi Protected Access II (WPA2) protocol were disclosed by security researchers in coordination with the U.S CERT.
Security Advisory: CCleaner Modified by Sophisticated Attacker to Deliver Malicious Code
Piriform’s CCleaner modified to deliver malicious backdoor Summary On September 18, 2017, CCleaner’s developer, Piriform, announced that recent versions of the CCleaner and CCleaner Cloud
