Monday , September 15 2025
urgent fix

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability

infosecbulletin Friday , October 25 2024 Vulnerabilities

Cisco announced updates on Wednesday to fix a security flaw in its Adaptive Security Appliance (ASA) that is currently being exploited and could cause a denial-of-service (DoS) condition.

CVE-2024-20481 (CVSS score: 5.8) is A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service.

Major Australian Banks using Army of AI Bots to Scam Scammers

By infosecbulletin / Monday , September 15 2025
Australian banks are now using bots to combat scammers. These bots mimic potential victims to gather real-time information and drain...
Read More
Major Australian Banks using Army of AI Bots to Scam Scammers

F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

By infosecbulletin / Saturday , September 13 2025
F5 plans to acquire CalypsoAI, which offers adaptive AI security solutions. CalypsoAI's technology will be added to F5's Application Delivery...
Read More
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities

AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

By infosecbulletin / Saturday , September 13 2025
The Villager framework, an AI-powered penetration testing tool, integrates Kali Linux tools with DeepSeek AI to automate cyber attack processes....
Read More
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks

CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks

By infosecbulletin / Saturday , September 13 2025
Samsung released its monthly Android security updates, addressing a vulnerability exploited in zero-day attacks. CVE-2025-21043 (CVSS score: 8.8) is a...
Read More
CVE-2025-21043 Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks

Albania appoints world’s first AI minister, “Diella” to Tackle Corruption

By infosecbulletin / Saturday , September 13 2025
Albania has appointed the first AI-generated government minister to help eliminate corruption. Diella, the digital assistant meaning Sun, has been...
Read More
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption

L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks

By infosecbulletin / Thursday , September 11 2025
On September 1, 2025, Qrator Lab identified and managed a major attack from the largest L7 DDoS botnet seen so...
Read More
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks

Palo Alto Networks User-ID Credential Agent Vuln Exposes password In Cleartext

By infosecbulletin / Thursday , September 11 2025
A new vulnerability, CVE-2025-4235, in Palo Alto Networks’ User-ID Credential Agent for Windows, could reveal a service account's password in...
Read More
Palo Alto Networks User-ID Credential Agent Vuln Exposes password In Cleartext

CyberVolk Ransomware Attacks CII In Japan, France, and UK

By infosecbulletin / Thursday , September 11 2025
CyberVolk ransomware, which appeared in May 2024, has increased attacks on government agencies and critical infrastructures in Japan, France, and...
Read More
CyberVolk Ransomware Attacks CII In Japan, France, and UK

Microsoft warns of active directory and office vulnarability

By infosecbulletin / Wednesday , September 10 2025
Microsoft has issued a new warning about a critical security vulnerability in Active Directory Domain Services, known as CVE-2025-21293. An...
Read More
Microsoft warns of active directory and office vulnarability

(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points

By infosecbulletin / Wednesday , September 10 2025
Sophos fixed an authentication bypass vulnerability in its AP6 Series Wireless Access Points, preventing attackers from obtaining admin privileges. The...
Read More
(CVE-2025-10159) Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points

This vulnerability stems from resource exhaustion. An attacker can exploit it by sending many VPN authentication requests to the device, potentially causing a denial of service (DoS) for the RAVPN service. In some cases, the device may need to be rebooted to restore the service. Other services unrelated to VPN are not affected.

“An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device,” Cisco said in an advisory. “A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device.”

Earlier this April, Cisco Talos reported an increase in brute-force attacks on VPN services, web application logins, and SSH services since March 18, 2024.

These attacks targeted various equipment from companies like Cisco, Check Point, Fortinet, SonicWall, MikroTik, Draytek, and Ubiquiti.

“The brute-forcing attempts use generic usernames and valid usernames for specific organizations,” Talos noted at the time. “These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies.”

Cisco has also released patches to remediate three other critical flaws in FTD Software, Secure Firewall Management Center (FMC) Software, and Adaptive Security Appliance (ASA), respectively.

Check Also

NVIDIA Releases Security Updates for BlueField, DOCA, Mellanox, ConnectX and NVOS

NVIDIA has issued important software updates to fix vulnerabilities in its BlueField DPUs, DOCA software, …

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin