Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 5 June, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

US and Australian government warn of critical vulnerabilities in Cisco, Microsoft and IBM remote access and perimeter devices

by Sabina
August 5, 2020
in Cyber Bites
vulnerability
Share on FacebookShare on Twitter

Security firm RiskIQ has published a report highlighting several critical vulnerabilities in 12 widely used remote access and perimeter devices. The findings show that the rapidly increasing adoption of these devices amid the COVID-19 pandemic is expanding digital attack surfaces outside the corporate firewall at incredible speed—and introducing a range of critical, rapidly proliferating vulnerabilities. Cybercriminals and nation-states are already taking advantage of these security flaws, including those in F5 Networks’ BIG-IP product and Cisco’s IOS XE devices, to attack organisations.

Recently, organisations have had to scramble to patch dangerous security flaws in dozens of remote access and perimeter devices. Already, there have been 18 high-to-critical vulnerabilities in these systems in 2020. The devices covered in the report include Palo Alto Global Protect, F5 BIG-IP, IBM WebSphere Application Server, Oracle WebLogic, Microsoft Remote Desktop Gateway, Citrix NetScaler Gateway, Citrix ADC, Cisco ASA & Firepower, Oracle iPlanet Web Server, and more.

The total amount of potential vulnerabilities in the findings include:

  • Palo Alto Global Protect – 61,869
  • F5 Big-IP – 967,437
  • IBM WebSphere Application Server – 7,496
  • Oracle WebLogic – 14,563
  • Microsoft Remote Desktop Gateway – 42,826
  • Citrix NetScaler Gateway – 86,773
  • Citrix ADC – 7,970
  • Cisco ASA & Firepower – 1,982
  • Oracle iPlanet Web Server 7.0 – 2,848
  • SAP NetWeaver – 2,629
  • Zoho Desktop Central – 1,988
  • Citrix ShareFile – 2,766

“This data in this report gives us a unique glimpse of the new reality facing the enterprise in the post-COVID world, which is that network controls are coming up dangerously short,” said Lou Manousos, RiskIQ’s CEO. “These IP-connected assets aren’t in the purview of most security controls, and dangerous flaws like those found in Cisco, Microsoft, Citrix, and IBM products will continue to be incredibly common.”

Both the US and Australian governments have advised companies to immediately address these critical vulnerabilities, with US Cyber Command recommending that organisations patch both the F5 and PAN-OS vulnerabilities. Both the United States National Security Agency (NSA) and Australian Signals Directorate (ASD) have warned state-sponsored actors that leverage a broad swath of vulnerabilities to deploy web shell malware on vulnerable devices. By doing so, they gain a foothold into target organisations’ networks.

FacebookTweetLinkedIn
Share1Tweet
Previous Post

These 10 IoT devices pose the biggest risk to your organisation

Next Post

Tweet Chat Roundup with KnowBe4

Recent News

A Roadmap for Becoming a Penetration Tester in 2023

A Roadmap for Becoming a Penetration Tester in 2023

May 31, 2023
Electronic tablet with social media icons, hands holding screen.

Research Reveals UK Firms Plan to Embrace New Era of Digital Identity

June 1, 2023
AWS and Salt

Salt Security Attains AWS Security Competency Status 

May 31, 2023
Purple spiral circle. Text reads "Centripetal", san-serif.

Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud

May 31, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information