Tag: CISCO

Cisco Warns Russia May Launch Cyber Attack Against Ukraine

Cisco Warns Russia May Launch Cyber Attack Against Ukraine

Cisco Systems warned last Tuesday that it has observed hackers infecting at least 500,000 routers and storage devices with highly sophisticated malware across several countries, a move which may signal a massive cyber attack by Russia on Ukraine. Cisco researcher Craig Williams said that they highly suspect that state-backed Russian hackers are behind the campaign, called VPNFilter, since the code found in the hacking software had previously been seen in malware used for cyberattacks against the US by Moscow. The Cyber Threat Alliance, a nonprofit composed of Cisco, Check Point Software Technologies Ltd, Fortinet Inc, Palo Alto Networks Inc, Sophos […]

Major Tech Companies Sign Cybersecurity Tech Accord

Major Tech Companies Sign Cybersecurity Tech Accord

At the recently held RSA conference, 34 tech firms including Microsoft, Facebook, Cisco, and SAP have signed an agreement called the Cybersecurity Tech Accord where they vowed to protect users from cybersecurity threats and not participate in any government-supported cyber attacks. Those who have signed the accord are required to commit to four pillars: 1. Building stronger defenses to protect all internet users around the globe. 2. Oppose any offensive cyber attacks. 3. Empower people, businesses and developers. 4. Work together and with other private and public sector partners to mitigate threats. Microsoft President Brad Smith emphasized that the wave […]

Hackers Hit Russia, Iran Data Centers, Leaves US Flags with Warning

Hackers Hit Russia, Iran Data Centers, Leaves US Flags with Warning

Cyber security company Kaspersky reported that hackers Friday last week had attacked vulnerable Cisco switches at data centers in Russia and Iran, leaving a message saying “Don’t mess with our elections”, along with the image of a US flag. The attackers had exploited the Smart Install “protocol misuse” vulnerability which Cisco issued an alert for last week. The company also mentioned that nation-state hackers were targeting the flaw to hit critical infrastructure providers. Tech website Motherboard said that they were able to contact the attackers via the email address the left as a calling card. The hackers said that they […]

Cisco Issues Warning Against State-backed Hackers

Cisco Issues Warning Against State-backed Hackers

Cisco’s Talos Intelligence group warned this week that nation-state hackers are exploiting a “protocol misuse” issue in Cisco’s Smart Install Client to gain access to critical infrastructure providers in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. Symantec additionally reported that the suspects may be the hacking group Dragonfly which may have carried out attacks that the US CERT had issued an alert for. The new warning comes after the release of a patch addressing a critical remote code execution flaw affecting the Smart Install Client which Talos researcher Nick Biasini urged customers in a post last […]

Cisco Warns of Exploits Against Product Vulnerability

Cisco Warns of Exploits Against Product Vulnerability

Earlier this week, Cisco updated its earlier warning for the flaw in its Adaptive Security Appliance and said that it is being targeted by attacks. The advisory was first issued last January 29, just days before the flaw was to be explained by the NCC group researcher who discovered it. However, Cisco said that it had discovered more vulnerabilities than what had been detailed in prior reports. Cisco urges customers to immediately update their products since the flaws had received a 10 of 10 CVSS rating, which indicates the highest level of severity.    Source: ZDNet

ROBOT Cryptographic Attack Can be Used to Decrypt HTTPS

ROBOT Cryptographic Attack Can be Used to Decrypt HTTPS

A three-man research team recently discovered that a variation to a cryptographic attack from 19 years ago can be used to decrypt HTTPS traffic on a number of popular sites such as Facebook and Paypal. Called ROBOT (Return Of Bleichenbacher’s Oracle Threat), the attack is able to bypass security countermeasures used by the TLS standard. The team revealed that under certain conditions, the ROBOT attack can be used to exploit flaws in products offered by companies like Cisco, Citrix, F5, and Radware. 27 out of Alexa’s Top 100 websites are also vulnerable to the attack. The team also published a […]

Cisco and Interpol Join in Cybercrime Intelligence Sharing Agreement

Cisco and Interpol Join in Cybercrime Intelligence Sharing Agreement

Last Tuesday, tech giant Cisco and international law enforcement agency Interpol signed on a cybercriminal threat data sharing agreement in Singapore at Interpol’s headquarters. The move is expected to help address the skills gap in the cybersecurity sector. The data sharing arrangement aims to improve threat detection and serve as groundwork for subsequent projects. It will also support Interpol’s programs that target pure cybercrime and related crimes, as well as assist EU countries identify threat actors and cybercriminal schemes. John Stewart, Cisco SVP and Chief Security & Trust Officer said that the threat posed by global cybercrime must be met […]

Cisco Meraki Announced Loss of Customer Data, Clients to Reconfigure Accounts

Cisco Meraki Announced Loss of Customer Data, Clients to Reconfigure Accounts

News last week reported that Cisco lost customer data in its Meraki service, a cloud-based program designed to centrally manage network settings. Cisco owned up to the engineering mishap, stating engineers mistakenly uploaded an erroneous configuration file that dictated incorrect commands to its North American system. This resulted in files being deleted, removing all data uploaded before 11:20am PST in August 3. Some of the files that got deleted in the engineering snafu included telephony server details, summary reports, Wi-Fi floor plans, and general system configurations. To address the incident, Cisco’s engineers are now working to recover the lost data […]

Cisco Releases Patch for Bug in WebEx Chrome and Firefox Plugins

Last Saturday, Cisco released a patch that addresses a critical remote code execution vulnerability present in both Chrome and Firefox versions of their WebEx extension that makes systems vulnerable to hijacking. The flaw in the WebEx extensions prior to 1.0.12 allows attackers to direct the user to a malicious site. According to Cisco, once penetrated, an attacker could launch an arbitrary code to control the system with the capabilities of the infected browser. The flaw was identified by Tavis Tavis Ormandy, a Google Project Zero researcher, and Cris Necker of Divergent Security. To date, the auto update for Chrome has […]

Cisco, Apple to Widen Partnership to Improve Security

Cisco CEO Chuck Robbins’ keynote address in July 26 discussed the two companies’ plans to expand their partnership, specifically in the field of security to help reduce the rising cost of cyber-security insurance premiums. The IT giant also announced the Cisco Security Connector program for iOS devices which will allow enterprises a better view of corporate-owned iPhones and iPads to enhance protection against cyber-attacks while ensuring the devices meet compliance requirements. Source: EWeek