Podcasts about cisco ios xe

An international law enforcement operation dismantles AVCheck. Trump's 2026 budget looks to cut over one thousand positions from CISA. Cyber Command's defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Lactrodectus loader. On today's Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee chair. Decoding AI hallucinations with physics. Complete our annual audience survey before August 31. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have our Afternoon Cyber Tea segment with Ann Johnson. On today's episode, Ann speaks with Hugh Thompson, RSAC program committee chair, as they discuss what goes into building the RSA Conference. Selected Reading Police takes down AVCheck site used by cybercriminals to scan malware (Bleeping Computer) DHS budget request would cut CISA staff by 1,000 positions (Federal News Network) Cybercom's defensive arm elevated to sub-unified command (DefenseScoop) vBulletin Vulnerability Exploited in the Wild (SecurityWeek) Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown (Infosecurity Magazine) Qualcomm fixes three Adreno GPU zero-days exploited in attacks (Bleeping Computer) Exploit details for max severity Cisco IOS XE flaw now public (Bleeping Computer) Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published (Beyond Machines) Latrodectus Malware Analysis: A Deep Dive into the Black Widow of Cyber Threats in 2025 (WardenShield) The Root of AI Hallucinations: Physics Theory Digs Into the 'Attention' Flaw  (SecurityWeek) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A PNG Image With an Embedded Gift Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit. https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998 Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis Horizon3 analyzed a recently patched flaw in Cisco Wireless Controllers. This arbitrary file upload flaw can easily be used to execute arbitrary code. https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/ Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE A change in PHP 8.1 can expose methods previously expected to be safe . vBulletin fixed a related flaw about a year ago without explicitly highlighting the security impact of the fix. A blog post now exposed the flaw and provided exploit examples. We have seen exploit attempts against honeypots starting May 25th, two days after the blog was published. https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

Cisco patches a level 10 vulnerability in IOS XE President nominates former Unilever CISO to be Pentagon CIO SonicWall patches a new zero-day vulnerability Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

Referências do EpisódioCVE-2025-20188 - Cisco IOS XE Wireless Controller Software Arbitrary File Upload VulnerabilityRansomware Attackers Leveraged Privilege Escalation Zero-dayAgenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their ArsenalCOLDRIVER Using New Malware To Steal Documents From Western Targets and NGOsVídeo que fiz sobre ClickFixInferno Drainer Reloaded: Deep Dive into the Return of the Most Sophisticated Crypto DrainerNew Finance Scam Discovered Abusing Niche X/Twitter Advertising LoopholeNew DOGE Big Balls Ransomware Tools in the WildIranian Cyber Actors Impersonate Model Agency in Suspected Espionage OperationSysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)Roteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

* "whoAMI" Attack Exploits AWS for Code Execution* Chinese Hackers Exploit Cisco Devices in Global Telecom Attacks* Australian National University Investigates Alleged Ransomware Attack* Phishing Season 2025: Zscaler Predicts Increased Sophistication and New Threats* Chinese Cybercriminals Revive Carding with Mobile Wallet Attacks"whoAMI" Attack Exploits AWS for Code Executionhttps://www.bleepingcomputer.com/news/security/whoami-attacks-give-hackers-code-execution-on-amazon-ec2-instances/Security researchers have discovered a critical vulnerability in Amazon Web Services (AWS) that allows attackers to gain unauthorized code execution on EC2 instances.Dubbed "whoAMI," the attack exploits a flaw in how users select Amazon Machine Images (AMIs), the pre-configured templates used to create virtual servers.Attackers can publish malicious AMIs with names that mimic those of legitimate AMIs, tricking users into selecting and launching these malicious images. This can occur when users:* Fail to specify the owner of the AMI: When retrieving AMIs, users should always specify the owner to ensure they are selecting trusted images.* Use wildcards in their AMI searches: This can inadvertently include malicious AMIs that match the search criteria.* Utilize "most_recent=true" in tools like Terraform: This setting automatically selects the latest matching AMI, which could be a malicious one.AWS has acknowledged the vulnerability and implemented a fix. However, organizations must update their code and configurations to mitigate the risk.This attack highlights the importance of secure coding practices and careful consideration of security measures when utilizing cloud services.Chinese Hackers Exploit Cisco Devices in Global Telecom Attackshttps://cyberinsider.com/chinese-hackers-breach-cisco-devices-in-global-telecom-attacks/A new report reveals that the Chinese state-sponsored hacking group Salt Typhoon has compromised Cisco devices worldwide, targeting telecommunications providers and universities across multiple countries, including the United States, the United Kingdom, and South Africa.The attacks exploit critical vulnerabilities in Cisco IOS XE software, allowing the hackers to gain unauthorized access and establish persistent backdoors within targeted networks.Salt Typhoon leverages these compromised devices to eavesdrop on sensitive communications, manipulate data traffic, and potentially disrupt critical infrastructure.This campaign highlights the growing threat of state-sponsored cyberattacks targeting critical infrastructure and underscores the need for robust cybersecurity measures to protect against these sophisticated threats.Australian National University Investigates Alleged Ransomware Attackhttps://www.cyberdaily.au/security/11716-exclusive-australian-national-university-investigating-alleged-cyber-attackThe Australian National University (ANU) is investigating a potential ransomware attack after the hacking group FSociety claimed to have breached the institution's systems and threatened to leak sensitive data.FSociety, known for its ransomware-as-a-service operations, listed ANU on its dark web leak site, threatening to release stolen data within seven days if a ransom is not paid.While the university is currently investigating the claims, the incident has raised concerns about the growing cyber threat landscape and the increasing sophistication of ransomware attacks.This is not the first time ANU has faced a data breach. In 2019, a significant data breach impacted 19 years of personal data from both students and staff, with Chinese state actors suspected to be behind the attack.The incident underscores the critical importance of robust cybersecurity measures for educational institutions and the ongoing challenge of protecting sensitive data in the face of evolving cyber threats.Phishing Season 2025: Zscaler Predicts Increased Sophistication and New Threatshttps://www.zscaler.com/blogs/security-research/phishing-season-2025-latest-predictions-unveiledZscaler's ThreatLabz has released its predictions for phishing attacks in 2025, highlighting a surge in sophistication and new attack vectors.Key predictions include:* I-powered phishing: Both attackers and defenders will leverage AI, with attackers using AI to craft more convincing and personalized phishing emails and security vendors utilizing AI to enhance threat detection.* MFA bypass: Phishing attacks will increasingly focus on bypassing multi-factor authentication (MFA) through techniques like adversary-in-the-middle attacks and localized phishing content.* Vishing attacks on the rise: Voice phishing (vishing) attacks will become more sophisticated, utilizing AI-powered voice cloning technology to mimic trusted individuals and deceive victims.* Mobile device targeting: Attackers will exploit vulnerabilities in mobile devices and platforms, leveraging social engineering tactics and exploiting trust in common communication channels like push notifications.* Politically motivated attacks: Phishing attacks will capitalize on political events and heightened emotions, targeting voters and political campaigns with deceptive communications.* Exploitation of encrypted messaging platforms: Cybercriminals will increasingly utilize encrypted messaging platforms to launch phishing attacks, leveraging bots to automate malicious activities and evade detection.* Browser-in-the-browser attacks: These attacks will become more sophisticated, with AI-driven customization to mimic browser environments more convincingly and adapt to user interactions.These predictions underscore the evolving threat landscape and the need for organizations and individuals to remain vigilant against increasingly sophisticated phishing attacks.Chinese Cybercriminals Revive Carding with Mobile Wallet Attackshttps://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/Chinese cybercriminal groups have revitalized the carding industry by turning phished credit card data into mobile wallets, enabling widespread fraud.These groups utilize sophisticated phishing techniques, primarily through iMessage and RCS, to capture victims' payment card information and one-time codes used for mobile wallet provisioning. They then link the stolen card data to new mobile wallets on devices they control, often selling these pre-loaded phones in bulk.These cybercriminals are also using innovative techniques like "ghost tap" software, which relays NFC transactions from anywhere in the world, enabling them to cash out stolen funds at local payment terminals or ATMs.The phishing operations are highly organized, with vendors selling sophisticated phishing kits that include features like real-time data capture, back-end databases for storing stolen information, and automated tools for creating fake payment card images for easy mobile wallet enrollment.This resurgence of carding through mobile wallets has resulted in significant financial losses, highlighting the need for enhanced security measures in mobile wallet provisioning and payment systems.Special Thanks to Justin Butterfield for contributing some of the interesting stories for this week's cyber bites. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

In this episode, we welcome back Taha, a.k.a NetAutomator, to unravel the often-misunderstood concept of onbox programmability and how it can transform your network device into a multi-purpose tool within your data center. If you have Cisco IOS-XE, IOS-XR, or NX-OS devices, chances are you can use it to run Python scripts, bash scripts, and event managers directly on the device. What does it mean for your environment? That is what our conversation is about.  Don't miss this fascinating conversation!Connect with Taha on LinkedIn: https://www.linkedin.com/in/taha-yusuf/Follow Taha on Twitter: https://twitter.com/NetAutomatorContainers in Cisco IOS-XE, IOS-XR, and NX-OS: Orchestration and Operation, https://www.ciscopress.com/store/containers-in-cisco-ios-xe-ios-xr-and-nx-os-orchestration-9780135782972.Container Lab: https://containerlab.dev/--- Stay in Touch with Us —Subscribe on YouTube: https://www.youtube.com/c/EricChouNetworkAutomationNerdsFollow Eric on Twitter: https://twitter.com/ericchouNetwork Automation Learning Community: https://members.networkautomation.community/ 

In this episode, get ready for a awesome discussion with Taha Yusuf, also known as NetAutomator, as we talk about the intricacies of the network engineering field, and the state of automation in networking. Listen in as we reflect on his fascinating path into the world of technology, starting from a young age with his first PC, to learning Visual Basic, and his experiences as a Network Engineer.We also explore the importance of self-learning in achieving true success in IT careers. Taha explains why it's crucial to transcend certification and focus on self-learning. Let's dive in! Connect with Taha on LinkedIn: https://www.linkedin.com/in/taha-yusuf/ Follow Taha on Twitter: https://twitter.com/NetAutomator Containers in Cisco IOS-XE, IOS-XR, and NX-OS: Orchestration and Operation, https://www.ciscopress.com/store/containers-in-cisco-ios-xe-ios-xr-and-nx-os-orchestration-9780135782972. Container Lab: https://containerlab.dev/ --- Stay in Touch with Us —Subscribe on YouTube: https://www.youtube.com/c/EricChouNetworkAutomationNerds Follow Eric on Twitter: https://twitter.com/ericchouNetwork Automation Learning Community: https://members.networkautomation.community/ 

https://youtu.be/kvSA53ncRlg This week on the podcast, we review a thorough unmasking of Octa Tempest, the threat actor beind the MGM and Caesars Entertainment attacks in September. Before that, we give an update on the Cisco IOS XE vulnerability that head to an implant installed on thousands of exposed devices. We round out the episode with an analysis of CitrixBleed, an information disclosure vulnerability in Citrix NetScaler that was just patched last week.

Cisco IOS XE Update: Number of infected devices via zero-day remains high California sidelines GM's driverless cars, citing safety risk Canada accuse China of ‘Spamouflage' disinformation campaign Thanks to today's episode sponsor, Vanta For the stories behind the headlines, visit CISOseries.com.

This episode of Storm Watch begins with introductions of the hosts - Bob, Emily (Censys), Glenn, Remy, and guest Jake Baines (VulnCheck).  The hosts discuss two ransomware groups being taken down - the Ukrainian Cyber Alliance taking down Trigona, and RagnarLocker ceasing operations. However, they note ransomware attacks often continue in new forms. The increase in Bitcoin value is also concerning, as it tends to correlate with more ransomware attacks. A significant portion of the podcast focuses on the vulnerabilities in Cisco routers and Citrix systems. The hosts explain the vulnerabilities, provide background, and detail the work done by their teams to analyze the issues. They are critical of Cisco's disclosure and patching process.  The hosts discuss the recent Okta breach, criticizing their response time and communication process. They explain how the breach occurred via access to support systems, and compromised session tokens and HAR files. The hosts emphasize the sensitivity of HAR files. Other topics covered include: Recent Citrix vulnerability Attackers targeting exposed Jupyter notebooks MGM Resorts data breach notification letters finally reaching Maine residents New open source tool Precursor for payload analysis The hosts close out with recommendations for tabletop incident response exercises, favorite Halloween candies, and a plea for better security awareness and coordination across the industry. This Episode's Slides >> Join our Community Slack >> Learn more about GreyNoise >>    

https://youtu.be/GYoWiEKod38 This week on the podcast, we cover CISA's newly updated whitepaper on guidance for both software manufacturers and customers on the principals of secure-by-design and secure-by-default. Before that, we cover the Cisco IOS XE vulnerability that is under active exploitation in the wild, give an update on the EPA's efforts to regulate cybersecurity practices in water districts, and then discuss research into the latest "bullet proof hosting" options for malicious web content.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

This "Breaking News" edition of the Storm Watch podcast begins with the hosts introducing themselves and their guest, Mark from Censys. The hosts discuss the recent surge in activity around a new Cisco IOS vulnerability and the subsequent system implants. Censys has published a blog post on the topic and discovered that approximately 41,983 hosts had this implant installed, an increase of about 5,000 to 6,000 from the previous day. The hosts discuss the unique nature of this implant, noting that it does not persist through reboots or maintenance. However, attackers can establish a more permanent threshold or entry point post-implant pre-reboot. The hosts also discuss the development of a scan profile for this vulnerability, which was facilitated by information provided by Talos in their blog post. Then they discuss the distribution of the affected hosts, noting that they are spread across many different autonomous system organizations. They speculate that many of the affected systems are likely small businesses or residential users who received their devices from their Internet Service Providers (ISPs). The hosts also note that many different entities are scanning for this vulnerability, some of which are unknown, indicating that many people are opportunistically jumping on this issue. The hosts conclude the podcast by discussing the severity of this vulnerability, noting that it provides top-tier, or "God mode," access to people's networks. They encourage listeners to stay informed and safe, and they express hope that they won't have to report on another breaking news issue before their next scheduled episode. Be sure to check out the GreyNoise blog for more details and updates on this active vulnerability. Episode Slides >> Join our Community Slack >> Learn more about GreyNoise >>  

Grab a cup of coffee and join Mick Baccio, Ryan Kovar, and Katie Brown for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including:  - Cisco Discloses ‘Critical' Zero-Day Vulnerability In IOS XE - Signal Pours Cold Water on Zero-Day Exploit Rumors - European Commission demands X account for disinformation in wake of Hamas attacks

This is a FREE complete CCNP 350-401 ENCOR Course. In this fourth REST API video I demonstrate the use of REST APIs using Python and a Cisco IOS XE device. This is the first video showing the use of REST APIs - in the next video I'll show you how to use POST and DELETE and loops to create and delete lots of interfaces. It's important that you learn both REST APIs and Python for the ENCOR exam as well as the real world. I will be covering all the topics in the Cisco CCNP ENCOR exam in this course. I want to make this content practical and it will include a lots of labs and demonstrations to help you better understand topics on the exam. Slides: https://bit.ly/encorapi4 Previous video: https://youtu.be/Bqd901dKIB4 CCNP ENCOR playlist: https://bit.ly/freeccnp Menu: Menu: Overview: 0:01 Lab Setup: 1:33 Python Script: 2:10 Test Python Script: 4:10 Testing and Verification: 4:33 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15

This is a FREE complete CCNP 350-401 ENCOR Course. In this video I show you how to use Python and a REST API POST to create and interface; and REST API DELETE to delete an interface on a Cisco IOS XE device. It's important that you learn both REST APIs and Python for the ENCOR exam as well as the real world. I will be covering all the topics in the Cisco CCNP ENCOR exam in this course. I want to make this content practical and it will include a lots of labs and demonstrations to help you better understand topics on the exam. Slides: https://bit.ly/encorapi5 Previous video: https://youtu.be/kZ4YqqlU5eM CCNP ENCOR playlist: https://bit.ly/freeccnp Menu: Overview: 0:01 GET script: 1:19 POST script: 2:32 DELETE script: 7:30 Isn't the CLI easier? 11:02 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P GNS3 Academy: CCNA ($10): bit.ly/gns3ccna10 Wireshark ($10): bit.ly/gns3wireshark DavidBombal.com CCNA ($10): bit.ly/ccnafor10 Wireshark ($9): bit.ly/wireshark9 ====================== Free and trial Network Software: ====================== Engineers Toolset: http://bit.ly/gns3toolset Solar-PuTTY: http://bit.ly/SolarPutty SolarWinds NPM: http://bit.ly/getnpm SolarWinds TFTP Server: http://bit.ly/2mbtD6j WAN Killer: http://bit.ly/wankiller IP Address Scanner: http://bit.ly/swipscan Network Device Scanner: http://bit.ly/swnetscan Wifi Heat Map: http://bit.ly/wifiheat Wifi Analyzer: http://bit.ly/swwifianalyzer Python REST API JSON CCNP CCIE CCNP ENCOR CCNP 350-401 CCNP Enterprise ccnp training CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #ccnp #python #restapi

This is a FREE complete CCNP 350-401 ENCOR Course. In this video I show you how to use Python and a REST API to create and delete multiple interfaces on a Cisco IOS XE router using the built in REST API. It's important that you learn both REST APIs and Python for the ENCOR exam as well as the real world. I will be covering all the topics in the Cisco CCNP ENCOR exam in this course. I want to make this content practical and it will include a lots of labs and demonstrations to help you better understand topics on the exam. Slides: https://bit.ly/encorapi6 Previous video: https://youtu.be/DAajWlVcskw CCNP ENCOR playlist: https://bit.ly/freeccnp Menu: Overview: 0:01 CREATE lots of interfaces script: 1:15 DELETE lots of interfaces script: 5:44 ENCOR Exam Tips: 13:18 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P GNS3 Academy: CCNA ($10): bit.ly/gns3ccna10 Wireshark ($10): bit.ly/gns3wireshark DavidBombal.com CCNA ($10): bit.ly/ccnafor10 Wireshark ($9): bit.ly/wireshark9 ====================== Free and trial Network Software: ====================== Engineers Toolset: http://bit.ly/gns3toolset Solar-PuTTY: http://bit.ly/SolarPutty SolarWinds NPM: http://bit.ly/getnpm SolarWinds TFTP Server: http://bit.ly/2mbtD6j WAN Killer: http://bit.ly/wankiller IP Address Scanner: http://bit.ly/swipscan Network Device Scanner: http://bit.ly/swnetscan Wifi Heat Map: http://bit.ly/wifiheat Wifi Analyzer: http://bit.ly/swwifianalyzer Python REST API JSON CCNP CCIE CCNP ENCOR CCNP 350-401 CCNP Enterprise ccnp training CCNP Security CCNP Data Center CCNP Service Provider CCNP Collaboration Cisco Certified Devnet Professional Cisco Certified Network Professional Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #ccnp #python #restapi

This is a FREE complete CCNP 350-401 ENCOR Course. In this third REST API video I demonstrate the use of REST APIs using a Cisco IOS XE device. We use PostMan to GET, POST and DELETE interfaces on the IOS XE device. You need to know (REST) Application Programming interfaces (APIs) for the CCNP ENCOR exam. In the next video we will interact with a REST API on a Cisco router using a Python script. It's important that you learn both REST APIs and Python for the ENCOR exam as well as the real world. I will be covering all the topics in the Cisco CCNP ENCOR exam in this course. I want to make this content practical and it will include a lots of labs and demonstrations to help you better understand topics on the exam. Slides: https://bit.ly/encorapi3 Previous video: https://youtu.be/p-3QHCt1L_w CCNP ENCOR playlist: https://bit.ly/freeccnp Menu: Overview: 0:01 Connect to DevNet IOS XE device: 1:56 REST API GET: 3:12 REST API POST: 6:43 REST API DELETE: 10:38 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P

 This week Greg , Nick A, Mike, and Thomas cover a lot of ground; must talk about all the things. This week we talk about: MikroTik CHR perf issues with AMD Epyc 30+ Cisco unauthenticated RCEs for various Cisco equipt. Cisco IOS-XE critical (10/10 CVSS) auth vuln Kubernetes DoS vulns Webmin unauthenticated RCE vuln(More)…

Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome Cody Wood, AppSec Product Support Engineer at Signal Sciences! In the AppSec News, Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best!   To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Cody Wood, AppSec Product Support Engineer at Signal Sciences! In the AppSec News, Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best!   To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly