Tag: CISCO

Cisco Warns of Exploits Against Product Vulnerability

Cisco Warns of Exploits Against Product Vulnerability

Earlier this week, Cisco updated its earlier warning for the flaw in its Adaptive Security Appliance and said that it is being targeted by attacks. The advisory was first issued last January 29, just days before the flaw was to be explained by the NCC group researcher who discovered it. However, Cisco said that it had discovered more vulnerabilities than what had been detailed in prior reports. Cisco urges customers to immediately update their products since the flaws had received a 10 of 10 CVSS rating, which indicates the highest level of severity.    Source: ZDNet

ROBOT Cryptographic Attack Can be Used to Decrypt HTTPS

ROBOT Cryptographic Attack Can be Used to Decrypt HTTPS

A three-man research team recently discovered that a variation to a cryptographic attack from 19 years ago can be used to decrypt HTTPS traffic on a number of popular sites such as Facebook and Paypal. Called ROBOT (Return Of Bleichenbacher’s Oracle Threat), the attack is able to bypass security countermeasures used by the TLS standard. The team revealed that under certain conditions, the ROBOT attack can be used to exploit flaws in products offered by companies like Cisco, Citrix, F5, and Radware. 27 out of Alexa’s Top 100 websites are also vulnerable to the attack. The team also published a […]

Cisco and Interpol Join in Cybercrime Intelligence Sharing Agreement

Cisco and Interpol Join in Cybercrime Intelligence Sharing Agreement

Last Tuesday, tech giant Cisco and international law enforcement agency Interpol signed on a cybercriminal threat data sharing agreement in Singapore at Interpol’s headquarters. The move is expected to help address the skills gap in the cybersecurity sector. The data sharing arrangement aims to improve threat detection and serve as groundwork for subsequent projects. It will also support Interpol’s programs that target pure cybercrime and related crimes, as well as assist EU countries identify threat actors and cybercriminal schemes. John Stewart, Cisco SVP and Chief Security & Trust Officer said that the threat posed by global cybercrime must be met […]

Cisco Meraki Announced Loss of Customer Data, Clients to Reconfigure Accounts

Cisco Meraki Announced Loss of Customer Data, Clients to Reconfigure Accounts

News last week reported that Cisco lost customer data in its Meraki service, a cloud-based program designed to centrally manage network settings. Cisco owned up to the engineering mishap, stating engineers mistakenly uploaded an erroneous configuration file that dictated incorrect commands to its North American system. This resulted in files being deleted, removing all data uploaded before 11:20am PST in August 3. Some of the files that got deleted in the engineering snafu included telephony server details, summary reports, Wi-Fi floor plans, and general system configurations. To address the incident, Cisco’s engineers are now working to recover the lost data […]

Cisco Releases Patch for Bug in WebEx Chrome and Firefox Plugins

Last Saturday, Cisco released a patch that addresses a critical remote code execution vulnerability present in both Chrome and Firefox versions of their WebEx extension that makes systems vulnerable to hijacking. The flaw in the WebEx extensions prior to 1.0.12 allows attackers to direct the user to a malicious site. According to Cisco, once penetrated, an attacker could launch an arbitrary code to control the system with the capabilities of the infected browser. The flaw was identified by Tavis Tavis Ormandy, a Google Project Zero researcher, and Cris Necker of Divergent Security. To date, the auto update for Chrome has […]

Cisco, Apple to Widen Partnership to Improve Security

Cisco CEO Chuck Robbins’ keynote address in July 26 discussed the two companies’ plans to expand their partnership, specifically in the field of security to help reduce the rising cost of cyber-security insurance premiums. The IT giant also announced the Cisco Security Connector program for iOS devices which will allow enterprises a better view of corporate-owned iPhones and iPads to enhance protection against cyber-attacks while ensuring the devices meet compliance requirements. Source: EWeek

Western Tech Firms Complies to Russia to Show Cyber Secrets

Technology companies including CISCO,IBM, and SAP are agreeing to comply to Moscow’s demands to access to security secrets. Russian authorities are requiring access to source codes for firewalls, anti-virus applications, and encrypted software before allowing the products to enter the country. This concerns U.S officials and security experts as these inspections expose potential vulnerabilities in the product’s source code. Many U.S firms are pressured to comply to be able to penetrate the lucrative Russian market. Source: Reuters India