433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. Cisco Meraki has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-by-QWUkqV7X
Security Impact Rating: Medium
CVE: CVE-2024-20509
http://news.poseidon-us.com/TL6sdk

Why we should be thinking about drone attacks in the US

“There’s a gap between the state of unmanned aircraft and … the law that governs what you can do to secure yourselves,” said Carter Lee. The post Why we should be thinking about drone attacks in the US first appeared on Federal News Network.
http://news.poseidon-us.com/TL6rXD

No pay raise for federal employees in 2026 budget request

Unlike the “skinny” budget released in early May, the administration did include funding requests for OPM, Education and independent agencies like CFPB. The post No pay raise for federal employees in 2026 budget request first appeared on Federal News Network.
http://news.poseidon-us.com/TL6p8g

DoControl helps organizations enforce zero trust security strategies

DoControl announced expanded capabilities that further support organizations in enforcing zero trust security strategies – without compromising business agility or user productivity. Zero trust principles dictate that no user, device, or location is inherently trusted. While this approach is essential for reducing risk, overly rigid enforcement can hinder business operations. DoControl addresses this challenge with a new capability that balances security with usability. The latest enhancement enables organizations to quarantine sensitive SaaS assets in near … The post DoControl helps organizations enforce zero trust security strategies appeared first on Help Net Security.
http://news.poseidon-us.com/TL6nQ4

ISC Stormcast For Monday, June 2nd, 2025 https://isc.sans.edu/podcastdetail/9474, (Mon, Jun 2nd)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TL6fmF

3 CIO tips for modernizing legacy technology

Tackling technical debt can feel like an uphill battle. Here’s how decision-makers overcome hurdles, mitigate concerns and build momentum.
http://news.poseidon-us.com/TL6dWk

How modern procurement helps rein in tail spend and navigate a challenging market

Modernize procurement to cut tail spend and boost compliance. Discover how leading teams use Amazon Business to drive smarter, more strategic purchasing.
http://news.poseidon-us.com/TL6WDQ

Demystifying digital transformation

Digital transformation has become a strategic imperative and is more accessible than ever, regardless of where your company stands on its journey.
http://news.poseidon-us.com/TL6W9h

Product showcase: Smarter pentest reporting and exposure management with PlexTrac

The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing through a security approach that proactively identifies, prioritizes, and mitigates threats in real time. To manage these exposures effectively, security teams need a streamlined way to track, prioritize, and remediate issues as they’re discovered. PlexTrac empowers offensive and defensive teams to collaborate in real time, transforming manual testing efforts into actionable insights … The post Product showcase: Smarter pentest reporting and exposure management with PlexTrac appeared first on Help Net Security.
http://news.poseidon-us.com/TL6Plc