Recently, FireEye researchers discovered a new type of malware implant in Cisco routers that allows attackers to gain and keep access to these devices. The implant consists of a modified Cisco IOS image that allows the attacker to load different functional modules from the anonymity of the internet. The implant also provides unrestricted access using a secret backdoor password.
Like every year, Cisco has released its Midyear Security Report. The report sets out to understand how attackers are evolving their techniques to evade defenses; its new threat intelligence and trend analysis reveal how attackers use stealthy tactics based on agility, speed, adaptation, and even destruction. During this year, adversaries continue to innovate as they slip into networks undetected and evade security measures:
On June 30, 2015 at 23:59:60 UTC, one minute will have 61 seconds when a leap second is added. The reason we have to add a second every now and then is that Earth’s rotation around its own axis is gradually slowing down, although very slowly. This will be the 26th leap second adjustment since 1972, and it represents an important consideration for providers of computing, networking, and software solutions.
On Tuesday January 27, 2015, Qualys security researchers discovered the GHOST vulnerability (CVE-2015-0235), a serious weakness in the Linux glibc library that allows attackers to remotely take complete control of the victim system without any prior knowledge of system credentials. This vulnerability affects the gethostbyname() and gethostbyname2() functions, originally used to resolve a hostname to an IP address. However, these functions have been deprecated for approximately fifteen years, largely because of their lack of support for IPv6. The superseding function is getaddrinfo(), which does support IPv6 and is not affected by this buffer overflow. Programs that still utilize the deprecated […]
Like every year, Cisco has released its Annual Security Report, one of the preeminent security reports, which examines the latest threat intelligence and provides industry insights, trends and key findings on cybersecurity. During this year, attackers have become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity. Security teams must constantly improve their approach to protect their organizations from these increasingly sophisticated cyber attack campaigns.
Recently, the Red Hat team found a critical, remotely exploitable vulnerability in Bash (the GNU Bourne Again Shell) that allows a remote attacker to inject arbitrary commands. GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash […]
The Cisco Product Security Incident Response Team (PSIRT) has published nine important vulnerability advisories: Cisco IOS Software SSL VPN Denial of Service Vulnerability; Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability; Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability; Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability; Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability; Cisco IOS Software Network Address Translation Vulnerabilities; Cisco AsyncOS Software Code Execution Vulnerability; Cisco Small Business Router Password Disclosure Vulnerability; Multiple Vulnerabilities in Cisco Wireless LAN Controllers.
Cisco Prime Infrastructure Command Execution Vulnerability; Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905; Multiple Vulnerabilities in Cisco IPS Software; Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability; Cisco UCS Director Default Credentials Vulnerability.
The Cisco Product Security Incident Response Team (PSIRT) has published five important vulnerability advisories: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability; Cisco TelePresence System Software Command Execution Vulnerability; Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability; Multiple Vulnerabilities in Cisco Secure Access Control System; Undocumented Test Interface in Cisco Small Business Devices.
The Cisco Product Security Incident Response Team (PSIRT) has published three important vulnerability advisories: Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability; Cisco WAAS Mobile Remote Code Execution Vulnerability; Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability.