Struts bugs , Umbrella misconfig and router Guest accounts fixed Vulnerability-related.PatchVulnerability . Cisco has issued security alerts Vulnerability-related.DiscoverVulnerability for 30 vulnerabilities across a range of its products and services , with three being ranked Vulnerability-related.DiscoverVulnerability as critical and remotely exploitable . Some 20 different Cisco products contain Vulnerability-related.DiscoverVulnerability a vulnerable version of the Apache Struts 2 framework that is currently under active exploitation by miscreants dropping cryptocurrency miner malware on exposed systems . Of these , 18 are not vulnerable Vulnerability-related.DiscoverVulnerability to any exploitation vectors for the Struts flaw , Cisco said Vulnerability-related.DiscoverVulnerability . Five Cisco products , SocialMiner , Identity Services Engine , Finesse , Unified Contact Centre Enterprise and the Video Distribution Suite for Internet Streaming have received Vulnerability-related.PatchVulnerability patches for the Struts vulnerability . Cisco 's cloud-hosted Network Performance Analysis service is yet to get Vulnerability-related.PatchVulnerability a Struts update though . A critical flaw in the application programming interface ( API ) for Cisco 's cloud-based Umbrella allowed attackers to view and potentially modify data across multiple organisations using the secure internet gateway service . The vulnerability stems from insufficient authentication configurations for the Umbrella API , and has been patched Vulnerability-related.PatchVulnerability by Cisco with no user action required . Two high-impact vulnerabilities in the Umbrella Enterprise Roaming Client and Enterprise Roaming Module that could be exploited Vulnerability-related.DiscoverVulnerability by attackers to elevate user privileges to Administrator level have also been patched Vulnerability-related.PatchVulnerability by Cisco . A third critical vulnerability can be exploited Vulnerability-related.DiscoverVulnerability to run code remotely on the Cisco RV110W VPN firewall and RV130W and RV215W wireless VPN routers , or freeze the devices in denial of service attacks . Patches for the vulnerability address Vulnerability-related.PatchVulnerability an improper boundary restriction on input via the Guest user account in the devices ' web-based remote management interface , Cisco said . Cisco also patched Vulnerability-related.PatchVulnerability three high impact vulnerabilities in the above network devices , which could be exploited Vulnerability-related.DiscoverVulnerability to remotely execute arbitrary commands and read sensitive information on them . Of the thirty vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability , 13 are ranked Vulnerability-related.DiscoverVulnerability as high impact .

Struts bugs , Umbrella misconfig and router Guest accounts fixed Vulnerability-related.PatchVulnerability . Cisco has issued security alerts Vulnerability-related.DiscoverVulnerability for 30 vulnerabilities across a range of its products and services , with three being ranked Vulnerability-related.DiscoverVulnerability as critical and remotely exploitable . Some 20 different Cisco products contain Vulnerability-related.DiscoverVulnerability a vulnerable version of the Apache Struts 2 framework that is currently under active exploitation by miscreants dropping cryptocurrency miner malware on exposed systems . Of these , 18 are not vulnerable Vulnerability-related.DiscoverVulnerability to any exploitation vectors for the Struts flaw , Cisco said Vulnerability-related.DiscoverVulnerability . Five Cisco products , SocialMiner , Identity Services Engine , Finesse , Unified Contact Centre Enterprise and the Video Distribution Suite for Internet Streaming have received Vulnerability-related.PatchVulnerability patches for the Struts vulnerability . Cisco 's cloud-hosted Network Performance Analysis service is yet to get Vulnerability-related.PatchVulnerability a Struts update though . A critical flaw in the application programming interface ( API ) for Cisco 's cloud-based Umbrella allowed attackers to view and potentially modify data across multiple organisations using the secure internet gateway service . The vulnerability stems from insufficient authentication configurations for the Umbrella API , and has been patched Vulnerability-related.PatchVulnerability by Cisco with no user action required . Two high-impact vulnerabilities in the Umbrella Enterprise Roaming Client and Enterprise Roaming Module that could be exploited Vulnerability-related.DiscoverVulnerability by attackers to elevate user privileges to Administrator level have also been patched Vulnerability-related.PatchVulnerability by Cisco . A third critical vulnerability can be exploited Vulnerability-related.DiscoverVulnerability to run code remotely on the Cisco RV110W VPN firewall and RV130W and RV215W wireless VPN routers , or freeze the devices in denial of service attacks . Patches for the vulnerability address Vulnerability-related.PatchVulnerability an improper boundary restriction on input via the Guest user account in the devices ' web-based remote management interface , Cisco said . Cisco also patched Vulnerability-related.PatchVulnerability three high impact vulnerabilities in the above network devices , which could be exploited Vulnerability-related.DiscoverVulnerability to remotely execute arbitrary commands and read sensitive information on them . Of the thirty vulnerabilities disclosed Vulnerability-related.DiscoverVulnerability , 13 are ranked Vulnerability-related.DiscoverVulnerability as high impact .

Published December 7 , 2016 5:50 pm in Adobe , Adobe Flash , Malware , Ransomware , Vulnerability 0 Of the top 10 vulnerabilities incorporated by exploit kits in 2016 , six of them ( rather unsurprisingly ) affected Adobe Flash Player . Real-time threat intelligence provider Recorded Future arrived at those findings by analyzing thousands of sources including information security blogs and deep web forum postings . Recorded Future then ranked Vulnerability-related.DiscoverVulnerability each vulnerability based upon how many web references linked the bug to at least one of 141 exploit kits , malicious software packages like Neutrino and RIG which abuse security flaws to infect users with TrickBot and other malware . Recorded Future found Vulnerability-related.DiscoverVulnerability the most references to CVE-2016-0189 , a vulnerability affecting Internet Explorer . More than 700 web sources linked the bug to the Magnitude , RIG , Neutrino , and Sundown exploit kits . But when it came to actual links with exploit kits , Adobe Flash Player cleaned house . In total , six Adobe Flash Player vulnerabilities appeared Vulnerability-related.DiscoverVulnerability in the top 10 list . Two of those ( CVE-2016-1o1o and CVE-2015-8446 ) bonded with the late Angler exploit kit . Another three ( CVE-2016-1019 , CVE-2016-4117 , and CVE-2015-8651 ) connected to at least three exploit kits . Overall , the regrettable honor of integration with the most exploit kits goes to CVE-2015-7645 , a flaw which a mere 70 web sources linked to seven different packages : Neutrino , Angler , Magnitude , RIG , Nuclear Pack , Spartan , and Hunter . Recorded Future provides Vulnerability-related.DiscoverVulnerability some background on why this vulnerability likely received so many linkages : `` CVE-2015-7645 impacts Windows , Mac , and Linux operating systems , which makes it extremely versatile . Per Adobe , it can be used to take control of the affected system . Additionally , it was the first zero-day exploit discovered Vulnerability-related.DiscoverVulnerability after Adobe introduced Vulnerability-related.PatchVulnerability new security mitigations , and as such , it was quickly adopted as many other older exploits ceased working on machines with newer Flash versions . The vulnerability was also noted as being used by Pawn Storm ( APT28 , Fancy Bear ) , a Russian government-backed espionage group . '' To protect against RIG and the others from exploiting some of these vulnerabilities on your machine , you should patch Vulnerability-related.PatchVulnerability your system regularly , install a reputable anti-virus solution , and install an ad-blocker . There 's no hope when it comes to Adobe Flash Player . It seems like new bugs are emerging Vulnerability-related.DiscoverVulnerability every day , which makes patch management Vulnerability-related.PatchVulnerability a serious headache . If you can , you should uninstall Adobe Flash Player from your computer as soon as possible .