433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

CIO council building list of ‘top-tier’ services amid FedRAMP reforms

Federal CIO Greg Barbaccia is backing a push to streamline the long-running FedRAMP program, as he works to accelerate the government’s adoption of AI. The post CIO council building list of ‘top-tier’ services amid FedRAMP reforms first appeared on Federal News Network.
http://news.poseidon-us.com/TNHgVQ

Is “cheap mass” just a gateway to permanent software licensing in defense tech?

“I would recommend that we retain robust oversight over, and due diligence functions within, the department over the would-be sellers,” said Jonathan Panter. The post Is “cheap mass” just a gateway to permanent software licensing in defense tech? first appeared on Federal News Network.
http://news.poseidon-us.com/TNHg0H

Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

Cisco has released software updates that address this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Continued Attacks Against Cisco Firewall Platforms.

Security Impact Rating: Medium
CVE: CVE-2025-20362
http://news.poseidon-us.com/TNHfkp

Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device.

This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details section of this advisory.

Cisco has released software updates that address this vulnerability and strongly recommends that customers upgrade to a fixed software release. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O

For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Continued Attacks Against Cisco Firewall Platforms.

Security Impact Rating: Critical
CVE: CVE-2025-20363
http://news.poseidon-us.com/TNHfkj

Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Cisco has released software updates that address this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Continued Attacks Against Cisco Firewall Platforms.

Security Impact Rating: Critical
CVE: CVE-2025-20333
http://news.poseidon-us.com/TNHfkf
