Cisco have this week updated an advisory regarding a vulnerability in their Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software.

The vulnerability could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system.
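Directory traversal is worth seeing concretely. The example below is added for illustration and is not code from Cisco, the NCSC or the advisory; it does not reproduce the ASA/FTD flaw, only the general bug class. A file handler that joins a client-supplied name onto a base directory is contrasted with one that canonicalises the path (collapsing "..", following symlinks and decoding the URL first) and refuses anything that lands outside the served tree. Since the advisory mentions both read and delete access, the read and delete handlers share one check. The directory layout, file names and contents are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def vulnerable_path(base_dir: str, requested: str) -> Path:
    """Vulnerable: the client-controlled name is joined straight onto the
    base directory, so '../' segments (or an absolute path) walk out of it."""
    return Path(os.path.join(base_dir, requested))


def resolve_within(base_dir: str, requested: str) -> Path:
    """Hardened: canonicalise both sides (collapsing '..' and following
    symlinks) and insist the target is the base itself or somewhere below it."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path traversal rejected: {requested!r}")
    return target


def handle_read(base_dir: str, raw_path: str) -> bytes:
    # Decode the URL path *before* the check; a check on the raw string would
    # miss '..%2f'. The same resolved path gates both read and delete.
    return resolve_within(base_dir, unquote(raw_path)).read_bytes()


def handle_delete(base_dir: str, raw_path: str) -> None:
    resolve_within(base_dir, unquote(raw_path)).unlink()


def demo() -> dict:
    """Build a constructed directory layout and exercise both handlers.
    Every value in the returned dict should be True."""
    root = Path(tempfile.mkdtemp())
    public = root / "public"                      # the directory we intend to serve
    public.mkdir()
    (public / "index.html").write_bytes(b"<h1>hello</h1>")
    (root / "secret.txt").write_bytes(b"SECRET")  # constructed file outside the served dir
    (public / "escape").symlink_to(root)          # symlink pointing out of the tree

    results = {}
    # The naive join happily reads a file one level above the served directory.
    results["unsafe_leaks"] = vulnerable_path(str(public), "../secret.txt").read_bytes() == b"SECRET"
    # The hardened handler still serves legitimate content...
    results["safe_serves"] = handle_read(str(public), "index.html") == b"<h1>hello</h1>"
    # ...and rejects each traversal variant.
    probes = [("dotdot", "../secret.txt"),
              ("encoded", "..%2fsecret.txt"),
              ("absolute", str(root / "secret.txt")),
              ("symlink", "escape/secret.txt")]
    for name, probe in probes:
        try:
            handle_read(str(public), probe)
            results[f"blocked_{name}"] = False
        except PermissionError:
            results[f"blocked_{name}"] = True
    # Delete shares the check, so the file outside the tree survives.
    try:
        handle_delete(str(public), "../secret.txt")
    except PermissionError:
        pass
    results["secret_survives"] = (root / "secret.txt").exists()
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The important design point is that the check runs on the fully resolved path rather than on the string the client sent: a filter that merely strips ".." from the input is bypassed by encoding, by absolute paths or by a symlink inside the tree, whereas comparing resolved paths catches all of them.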

In addition, Cisco have also found multiple vulnerabilities in their IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers and 1000 Series Connected Grid Routers.

These could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause it to crash and reload.

Both advisories list the software releases that fix these vulnerabilities; at present Cisco have no workarounds available.

The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest software version. Guidance has been published about keeping all devices and software up to date.


Remote workers targeted by Office 365 phishing scam

Cyber criminals have been targeting remote workers with a phishing attack that seeks to steal user credentials.

The scam sees attackers send staff an email pretending to be from their organisation’s IT department. It asks users to update the VPN configuration used to access the company network while working from home.

Users who click the link in the email are directed to a fake page that looks identical to a legitimate Office 365 login page.

Staff who are misled into entering their credentials hand the fraudsters the login details for their Office 365 account.
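Because the fake page looks identical to the real one, the page itself gives little away; the link target does. The script below is an added example, not code from the NCSC or from any reported campaign: it pulls the links out of an HTML email body and flags any whose host is not an exact match for a known Microsoft sign-in host, as well as any whose visible text shows one URL while the href points somewhere else. The allowlist of sign-in hosts is an assumption an organisation would maintain for itself, and the sample email and its domain are constructed (.example is a reserved TLD).

```python
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Hosts that serve a genuine Microsoft / Office 365 sign-in page. Assumption:
# an organisation's own allowlist may differ; adjust rather than treat as complete.
LEGIT_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_legit_signin(url: str) -> bool:
    # Exact host comparison only. A substring or prefix test would accept
    # 'login.microsoftonline.com.vpn-update.example', which is exactly the
    # trick lookalike domains rely on.
    return host_of(url) in LEGIT_SIGNIN_HOSTS


def triage_links(html_body: str) -> List[dict]:
    """Return one finding per link, with the reasons it looks suspicious."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = []
        if not is_legit_signin(href):
            reasons.append("link host is not a known sign-in host")
        if text.lower().startswith(("http://", "https://")) and host_of(text) != host_of(href):
            reasons.append("visible URL does not match the real destination")
        findings.append({"href": href, "text": text,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


# Constructed sample of the lure described above; the domain is invented.
SAMPLE_EMAIL = """
<p>IT Support: your VPN configuration must be updated today to keep working from home.</p>
<p>Sign in with your Office 365 account to apply the update:</p>
<p><a href="https://login.microsoftonline.com.vpn-update.example/auth">https://login.microsoftonline.com</a></p>
"""


if __name__ == "__main__":
    for finding in triage_links(SAMPLE_EMAIL):
        flag = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f"{flag}: {finding['href']} ({'; '.join(finding['reasons'])})")
```

The comparison is deliberately a set membership test on the whole hostname. Checks such as "does the host contain microsoftonline.com" are the mistake that lets a domain like login.microsoftonline.com.vpn-update.example through.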

Cyber criminals constantly look for new opportunities to trick people into revealing sensitive information.

If you have spotted a suspicious email then you should take advantage of the NCSC’s reporting service by sending the emails to report@phishing.gov.uk.

If you have been a victim of phishing and have lost money, then please contact Action Fraud.

Advice on spotting and dealing with phishing emails and messages is also available.

The NCSC has published a range of guidance to support organisations with remote working.


Major VMware server vulnerability detected

A major VMware code injection vulnerability that left private clouds exposed to malicious actors has been discovered.

Ethical hacking specialists at Citadelo discovered the flaw in April and have highlighted that it could have been exploited to achieve code execution and take over private clouds.

During testing they were able to read internal databases containing password hashes, as well as customer data including email and IP addresses.

VMware have issued an advisory for patching this flaw.

Penetration testing is a key method for analysing the security of IT systems.

The NCSC has guidance to help organisations understand the commissioning and use of penetration tests.