Browsing tag
Short Bytes: A vulnerability has been spotted in Cisco’s Cluster Management Protocol (CMP) which exposes 318 Cisco Switch models to malicious attacks comprising full control of the device. The flaw arises out of the inability to restrict the use of CMP-specific telnet protocol for local communications. Cisco has suggested some measures for reducing the attack […]
Over 300 Cisco products are affected by a zero-day vulnerability Cisco discovered last week, and for which no patch is available at the time of writing. Cisco engineers discovered the zero-day following a company-wide effort to investigate how the recently disclosed WikiLeaks “Vault 7” leak affected the company’s products. Vault 7 investigation leads to zero-day […]
The IT security researchers at Cisco’s security intelligence and research group Talos have discovered a malware that can fully hide its origins. The sample that the researchers analyzed was utilizing DNS TXT record queries/response for creating a “bidirectional Command and Control channel.” The findings of their research have been published in a report compiled by Edmund Brumaghin and […]
Remote unauthenticated control over a vulnerable ISP’s gear, could allow an attacker to log into the software as an administrator and remotely take control of thousands upon thousands of customers’ home routers, broadband gateways and similar boxes. Cisco said ,The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. […]
Cisco is warning customers about a critical privilege escalation flaw that has been exploited in attacks against the Cisco CloudCenter Orchestrator systems. Cisco has warned its customers of a critical privilege escalation flaw in Cisco CloudCenter Orchestrator systems, tracked as CVE-2016-9223, that has been exploited in cyber attacks. The Cisco CloudCenter is a hybrid cloud management […]
Cisco has issued a security advisory stating that a portion of data belonging to its job seekers was discovered online by an independent security researcher. Cisco has warned aspiring applicants to beware of a mobile site data leak and be cautious while applying through its Professional Careers Mobile site. The company has emailed the users of […]
Cisco has emailed users of its mobile careers site, warning of two occasions when their data could have been exposed. Users of Cisco’s Professional Careers mobile site, mjobs.cisco.com, have been warned of a potential leak of their data, which the networking giant is pinning on an incorrect security setting. “Cisco’s investigation found this to be […]
Two security experts from the Rapid 7 firm revealed that tens of thousands of CISCO ASA boxes are still vulnerable to the NSA EXTRABACON exploit. A few weeks ago the Shadow Brokers hacker group hacked into the arsenal of the NSA-Linked Equation Group leaked online data dumps containing its exploits. ExtraBacon is one of the exploits […]
Vulnerability common to devices routing IPv6; Cisco offered partial fix in July. Juniper Networks has found and mostly patched a flaw in the way the firmware on its routers process IPv6 traffic, which allowed malicious users to simulate Direct Denial of Service attacks. The vulnerability, which seems to be common to all devices processing IPv6 address, […]
Technology vendor Cisco is pushing out security updates to customers to address a critical vulnerability found in its recently introduced line of FirePower firewall products. The vulnerability, according to Cisco, allows attackers to slip malware onto critical systems without detection. The flaw is also impacts Snort, an open source network-based intrusion detection system also owned by Cisco. […]
Attackers can take over Cisco firewalls and VPN servers. Cisco has released urgent security patches aimed at fixing a security vulnerability in some of its firewall equipment that employs several versions of Cisco Adaptive Security Appliance (ASA). As Cisco describes it, ASA is the core operating system for the Cisco ASA family of devices that provide […]
Researchers have found that thousands of Internet gateways, routers, modems and other embedded devices share cryptographic keys and certificates, exposing millions of connections to man-in-the-middle attacks that open the door to more extensive intrusions that jeopardize encrypted data. This type of certificate reuse and sharing of SSH keys is apparently all too common among connected […]
A certification tracking system (Credential Manager System) used by companies like Cisco, F5, IBM and Oracle has faced a data breach and sensitive data might have been accessed by the hackers. An announcement made by Pearson VUE (Computer-Based Test (CBT) development and delivery) said a malware was placed on the server of the tracking system […]
Researchers identified a flaw in Cisco’s WebVPN — Hackers managed to install backdoors via two methods on the service — This weakness allows hackers to steal corporate account passwords when employees logged into their accounts. Hackers managed to load backdoors via different JavaScript snippets which were then loaded on Cisco’s ASA WebVPN service. The procedure […]
Dozens of successful attacks detected that install malicious code on company portals. Attackers are infecting a widely used virtual private network product sold by Cisco Systems to install backdoors that collect user names and passwords used to log in to corporate networks, security researchers said. A researcher from security firm Volexity told Ars that he’s […]
Since joining Twitter, Edward Snowden is more active than ever. In his latest revelation, the whistleblower has claimed that the British intelligence agency (GCHQ) obtained a massive amount of communication data that was travelling through Pakistan in its search for terrorists. This identification spree from the Britain involved hacking into routers of users back in Pakistan, […]
Group used Angler Exploit kit to push ransomware on unsuspecting Internet users. Security researchers have disrupted an online criminal operation they estimated drew $30 million per year pushing ransomware on unsuspecting people browsing the Internet. The takedown was performed by investigators from Cisco Systems’ Talos security unit, which was researching the Angler Exploit kit. The hack-by-numbers […]
Cisco pushed out on Wednesday its usual semiannual round of patches for IOS, the software the company uses for most of its routers and switches. This month’s security advisories addressed four vulnerabilities, three which could lead to denial of service situations, and another that could have let an attacker bypass user authentication. The bypass vulnerability […]
More than a dozen routers in four countries infected with fully featured implants. Researchers have uncovered active and highly clandestine attacks that have infected more than a dozen Cisco routers with a backdoor that can be used to gain a permanent foothold inside a targeted network. The SYNful knock malware has been found on 14 […]
It has always been believed that Cisco routers being used in the enterprise environment could be hacked via installation of backdoor firmware, but it was always just a theory. Now, security researchers over at Mandiant, an American cyber security firm and a FireEye company, have confirmed that hacking of Cisco routers through backdoor firmware installations […]
Seven of the most prominent Internet and tech firms unite to build a next generation of royalty-free video codec in an attempt to provide users around the world with new formats and advanced codecs for enhanced media experience on the Web across various devices. The founding members of this alliance include Google, Netflix, Microsoft, Mozilla, […]