FBI and CISA Release #StopRansomware: Royal Ransomware
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Royal Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware variants. FBI investigations identified these TTPs and IOCs as recently as January 2023.
Royal ransomware attacks have spread across numerous critical infrastructure sectors including, but not limited to, manufacturing, communications, healthcare and public healthcare (HPH), and education.
CISA encourages network defenders to review the CSA and to apply the included mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.
Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d welcome your feedback.
Cisco Releases Security Advisory for Cisco IP Phones
Cisco has released a security advisory for vulnerabilities affecting the 6800, 7800, 7900, and 8800 Series of Cisco IP Phones. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the following advisory and apply the necessary updates.
Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities cisco-sa-ip-phone-cmd-inj-KMFynVcP
Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d welcome your feedback.
Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack
Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation […]
Falla crítica en la serie de teléfonos IP Cisco expone a los usuarios a un ataque de inyección de comandos
Cisco lanzó el miércoles actualizaciones de seguridad para abordar una falla crítica que afecta a sus productos IP Phone 6800, 7800, 7900 y 8800 Series. La vulnerabilidad, identificada como CVE-2023-20078, tiene una calificación de 9.8 sobre 10 en el sistema de puntuación CVSS y se describe como un error de inyección de comandos en la interfaz de […]