Browsing articles in "Security Advisory"
Jun
26
2019
BGP route leak sends European traffic via China
BGP-route-leak-sends-European-traffic-via-China

On Thursday June 6, 2019, traffic destined to some of Europe’s biggest mobile providers was misdirected in a roundabout path through the Chinese-government-controlled China Telecom, in some cases for more than two hours. “Swiss data center colocation company AS21217 leaked over 70,000 routes to China Telecom (AS4134) in Frankfurt, Germany. China Telecom then announced these routes on to the global internet redirecting large amounts of internet traffic destined for some of the largest European mobile networks through China Telecom’s network. Impacts were seen by some of Europe’s largest networks in Switzerland, Holland, and France among other countries.” said Doug Madory, […]

May
6
2019
Critical SSH flaw affects Nexus 9000
Cisco-vulnerabilities

The first of May, Cisco has revealed that its Nexus 9000 fabric switches have a critical flaw that could allow anyone to remotely connect to a vulnerable device using Secure Shell (SSH) and control it with root user privileges. Discovered and reported by Oliver Matula of ERNW Enno Rey Netzwerke in cooperation with ERNW Research, the issue is the presence of a default SSH key pair in all devices could be exploited by an attacker by opening an SSH connection via IPv6 to a targeted device (IPv4 is not vulnerable). Tracked as CVE-2019-1804 and featuring a CVSS score of 9.8, […]

Apr
5
2018
Cisco Smart Install Remote Code Execution
Cisco-Smart-Install-Remote-Code-Execution

At the end of March, Cisco published a stack-based buffer overflow vulnerability in Smart Install Client code. This vulnerability enables an attacker to remotely execute arbitrary code without authentication. So it allows getting full control over a vulnerable network equipment. Cisco Smart Install is a “plug-and-play” configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches. The feature allows a customer to ship a Cisco switch to any location, install it in the network, and power it on without additional configuration requirements. The Smart Install feature incorporates no authentication by design.

Feb
3
2018
Cisco WebVPN critical bug. Patch it now!
Cisco-WebVPN-critical-bug-patch-it-now

Few days ago, Cisco published a critical advisor with a score of 10/10 about ASA and Firepower devices. The vulnerability known as CVE-2018-0101 and discovered by Cedric Halbronn, Senior Researcher at NCC Group is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system. This vulnerability allows the attacker to see all of the data passing through the system and provides them with administrative privileges, enabling them to remotely […]

Oct
17
2017
WPA2 is no more secure
WPA2-is-no-more-secure

WPA2 (Wi-Fi Protected Access 2) is a network security technology commonly used on Wi-Fi wireless networks. It’s an upgrade from the original WPA technology, which was designed as a replacement for the older and much less secure WEP. WPA2 is used on all certified Wi-Fi hardware since 2006 and is based on the IEEE 802.11i technology standard for data encryption. Yesterday, researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, has officially published a series of vulnerabilities that target the session establishment and management process in WPA(1/2)-PSK and WPA(1/2)-Enterprise. I say “officially” because the first notification by this […]

Feb
8
2017
Cisco will fail after 18 months
Cisco-fail-18-months

Recently, Cisco published a critical advisory concerning a clock signal component problem. Devices that contain the faulty component could potentially fail after 18 months of use; once the component has failed, the system will stop functioning, will not boot, and is not recoverable. Cisco did not release specifics of the faulty clock part, but probably the component affected by this problem is the Intel’s Atom C2000 processor family that effectively bricks devices. There is no workaround for this issue, so the only solution is to replace products under warranty or covered by any valid services contract dated as of November 16, […]

Feb
1
2017
Cisco 2017 Annual Cybersecurity Report
Cisco-2017-Cybersecurity-Report

Cisco published the annual Cybersecurity report that presents the latest security industry advances designed to help organizations and users defend against attacks. The report also highlights major findings from the Cisco 2017 Security Capabilities Benchmark Study, which examines the security posture of enterprises and their perceptions of their preparedness to defend against attacks.

Sep
17
2015
​SYNful Knock – backdoor in Cisco devices
​SYNful-Knock-backdoor-in-Cisco-devices

Recently, Fireeye researchers have discovered a new type of malware implant in Cisco router that allows attackers to gain and keep access to these devices. The implant consists of a modified Cisco IOS image that allows the attacker to load different functional modules from the anonymity of the internet. The implant also provides unrestricted access using a secret backdoor password.

Aug
31
2015
Cisco 2015 Midyear Security Report
Cisco-2015-Midyear-Security-Report

Like every year, Cisco has released the Midyear Security Report. This paper is written to understand how attackers are evolving their techniques to evade defenses, using stealthy tactics based on agility, speed, adaptation, and even destruction. New threat intelligence and trend analysis reveal how attackers use stealthy tactics based on agility, speed, adaptation, and even destruction. During this year, adversaries continue to innovate as they slip into networks undetected and evade security measures:

Jun
27
2015
Leap Second 2015: a critical bug in NXOS
Leap-Second-2015-a-critical-bug-in-NXOS

In June 30, 2015 at 23:59:60 UTC, one minute will have 61 seconds when a leap second is added; the reason we have to add a second every now and then, is that Earth’s rotation around its own axis, is gradually slowing down, although very slowly. This will be the 26th leap second adjustment since 1972, and represents an important consideration for providers of computing, networking, and software solutions.

Pages:123456789»