Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Device Security. Show all posts
Technology
Cyber Threats Risk Cyberattacks CyberCrime Device Security Hackers Hacking Rises Internet IoT Operatinoal Technology Technology

Unveiling the Underbelly of IoT: An In-Depth Analysis of Hacking Risks

 


In terms of versatility, the Internet of Things (IoT) is a technology that is easily one of the most versatile technologies in the world today. In the era of the internet, the network connection capacity is increasing and the number and diversity of connected devices are enabling the IoT to be scaled and adapted to meet the changing needs of the user. Among the industries the Internet of Things (IoT) has revolutionized are several sectors such as food production, manufacturing, finance, healthcare, and energy. 

Furthermore, it has led to the development of smart buildings, homes, and even cities at the same time. Generally, IoT attacks are malicious attempts to exploit vulnerabilities in devices connected to the internet, for example, smart homes, industrial control systems, and medical devices. There is a possibility that hackers may gain control of the device, steal sensitive information from it, or use the device as part of a botnet to accomplish other malicious acts. 

The term "IoT hacking" is frequently used by researchers to describe the process of removing gadgets, examining their software, and learning how they work. However, there are more challenges involved with IoT hacking than just technical ones. Cyber threats are evolving to reveal a world of virtual battles that go on behind the scenes. Hackers are increasingly targeting IoT (Internet of Things) and OT (Operational Technology) systems, which are extremely important for the future. 

In addition to tech gadgets, they are also the foundation for many services that keep us running in our society and economy. Hackers are not just messing with machines when they target these systems, they are threatening the very services that nations rely on every day. IoT devices can introduce several new and preventable attack vectors when not properly secured. Researchers who work in cybersecurity keep showing that critical systems are being attacked more frequently than they realize.

The risks are not that complicated to identify and understand, for example, operating systems that are not patched or insecure passwords that make it easy for brute force attackers to find them. A security team must take into account both simple and complex risk factors specific to the world of IoT to manage the operational reliance on these devices in virtually every industry. There are a few security risks and attacks associated with IoT that people should be aware of. 

Botnets 

Since IoT devices have no built-in security mechanisms, they are particularly vulnerable to malware attacks compared to more advanced machines and computers that have these security mechanisms. In general, they are machines that are primarily focused on functionality, which means they usually do not provide the same level of storage space or processing power that computers offer. In light of this, attackers tend to view IoT devices as a low-hanging fruit attack vector that they can easily attack. 

IoT devices should be secured properly to protect them from botnets, and to prevent them from getting into the wrong hands. Companies must keep a plan in place to detect and respond to DDoS attacks, as well as to change default passwords, keep firmware up to date, and limit access to the device. 

Ransomware 

While IoT devices do not typically store valuable data locally, that doesn’t mean they are immune to ransomware attacks. Instead of threatening an organization with a ransom payment, ransomware attacks on IoT devices usually disable their core functionality instead of stealing information. Possibly the best way to accomplish that is to shut down the operation of an industrial device, without which fundamental business operations would not be possible, or to stop the recording of the feed being monitored by a camera or microphone. 

Several security flaws in IoT devices can affect companies. One of the researchers' keen-eyed researchers discovered that a big security hole existed in a popular broadcasting device that sent audio over the internet. It's important to note that the researchers did the right thing, and notified the device manufacturer that the problem was caused by an OS Command Injection, which is a serious issue because hackers can take control of a device by doing so. This was done by researchers who did the right thing since it was an OS Command Injection. 

There was a problem with the software on the device, and they were trying to fix it by updating it so that someone from the outside would not be able to exploit it anymore. Companies often take quick measures to fix security gaps when they find out about them. The problems these companies have faced are similar to putting band-aids on a wound without actually treating it. 

Many people have witnessed how a company patched a device so that it looked safe from the outside, but the same problems were still there once people got inside. In some cases, fixes do not solve the problem. They just hide it and do not take care of it. As a result, it is as if one locks the front door and leaves the back door wide open at the same time. 

In today's digital world, ensuring the safety of the IoT world cannot be done by one individual. For this to work, it needs to be a team effort between the manufacturers, security experts, and even the government itself. The biggest priorities should be setting strict security rules, being open about the problems they find, and helping all of the people in the organization understand how they can be protected. 

As people move through the tricky territory of this online and offline world, they must do a lot more to look after the two worlds simultaneously to get the best outcome. To make sure that their connected devices are protected and managed effectively, they must be proactive and take an all-in approach.
Read more »
Vulnerabilities and Exploits
cyber threat Device Security Linux Malware Attack Vulnerabilities and Exploits

Shim Bug Uncovered: A Ten-Year Security Breach in Linux Boot Loaders

 

In the dynamic realm of cybersecurity, discovering a significant flaw in every Linux boot loader signed in the past decade has underscored the pervasive nature of potential threats. This blog explores the intricacies of the Shim bug, its implications for Linux systems, and the urgent response required to mitigate its impact. 

The Shim bug, a critical vulnerability affecting Linux boot loaders, has sent security experts into a heightened state of alert. The flaw lies in the code of the Shim bootloader, a crucial component in the Secure Boot process designed to ensure the integrity of the boot sequence. The bug itself has silently persisted for an astounding ten years, evading detection until now. 

The far-reaching impact of the Shim bug cannot be overstated, as it compromises the security of every Linux boot loader signed over the past decade. Secure Boot, a fundamental security feature, is designed to prevent the loading of unsigned or malicious code during the boot process. However, this vulnerability allows threat actors to bypass these protections, opening the door to unauthorized access, malware injection, and other malicious activities. 

The longevity of the Shim bug's existence without detection raises questions about the efficacy of current security measures and the challenges inherent in identifying hidden vulnerabilities. Its discovery highlights the need for ongoing scrutiny, even of well-established and seemingly secure components within the Linux ecosystem. 

Addressing the Shim bug requires a swift and coordinated response from the Linux community. Developers and maintainers work diligently to release patches and updates addressing the vulnerability. Additionally, Linux users are urged to update their systems promptly, applying the necessary patches to safeguard their devices from potential exploitation. 

The Shim bug emphasizes the collaborative nature of the open-source community, where rapid identification and response to vulnerabilities are paramount. Developers, security experts, and Linux users alike must work in unison to fortify the security infrastructure of the operating system and ensure a resilient defence against emerging threats. 

The discovery of the Shim bug serves as a poignant reminder of the ever-evolving threat landscape and the importance of continuous vigilance in cybersecurity. It prompts a reevaluation of existing security practices, encouraging the adoption of proactive measures to detect and address vulnerabilities before they become decade-long silent menaces. 

As the Linux community grapples with the repercussions of the Shim bug, the broader cybersecurity landscape is reminded of the persistent challenges in securing complex systems. The discovery and swift response to such critical vulnerabilities are integral to maintaining the integrity and trustworthiness of open-source platforms like Linux. The lessons learned from the Shim bug should fuel ongoing efforts to fortify security measures, ensuring a resilient defence against future threats in the ever-changing realm of cybersecurity.
Read more »
System Vulnerability
Atlassian Confluence Server Cyber Security Device Security System Vulnerability

Critical Flaw in Atlassian's Confluence Server Allows Hackers to Run Commands


According to experts, a severe flaw in Atlassian's Confluence corporate server program that permits malicious commands and resets servers is actively exploited by threat actors in cyber attacks that install ransomware.

Glenn Thorpe, senior director of security research and detection engineering at GreyNoise, said on Mastodon on Sunday, "Widespread exploitation of the CVE-2023-22518 authentication bypass vulnerability in Atlassian Confluence Server has begun, posing a risk of significant data loss."  He continued, "So far, the attacking IPs all include Ukraine in their target."

He referred to a page that showed three separate IP addresses that began exploiting the major vulnerability, which allows attackers to restore a database and execute malicious commands, between 12 a.m. and 8 a.m. Sunday UTC (about 5 p.m. Saturday to 1 a.m. Sunday Pacific Time). The IPs have now discontinued the attacks, but he believes the exploits are still active.

It just takes one request

The DFIR Report posted screenshots of data collected while witnessing the attacks. One revealed a demand from the C3RB3R ransomware organization.

Meanwhile, security firms Rapid7 and Tenable confirmed that attacks began over the weekend as well.

Business researchers Daniel Lydon and Conor Quinn  said "As of November 5, 2023, Rapid7 Managed Detection and Response (MDR) is observing Atlassian Confluence exploitation in multiple customer environments, including for ransomware deployment." They continued "We have confirmed that at least some of the exploits target CVE-2023-22518, a Confluence Data Center and Confluence Server improper authorization vulnerability."

The discovery 

Rapid7 discovered exploits that were basically the same across different situations, indicating "mass exploitation" of on-premises Confluence servers. "In various exploit chains, Rapid7 saw post-exploitation command execution for downloading a malicious payload located at 193.43.72[.]11 and/or 193.176.179[.]41, which, if effective, resulted in single-system Cerber ransomware installation on the exploited Confluence server."

CVE-2023-22518 is known for a vulnerability in wrong authorization that can be abused on Internet-facing Confluence servers via tailored requests to setup-restore endpoints. Atlassian's cloud infrastructure does not affect Confluence accounts. Atlassian exposed the flaw in a blog post last Tuesday. Atlassian Chief Information Security Officer Bala Sathiamurthy cautioned in it that the flaw can end in "critical data loss if exploited" and that "users must take action right away to secure their cases."

What next?

Atlassian updated the post on Thursday to say that many reports released in the interim days offered "critical information about the vulnerability, which raises the possibility of exploitation." The update seemed to be connected to blogs like this one, which provided the findings of an analysis that contrasted the susceptible and fixed versions in order to pinpoint technical information. Another possible source was a Mastodon post:

“Just one request is all it takes to reset the server and gain admin access,” the post said in a video showing how the exploit works.

Atlassian updated the page again on Friday, stating that active exploitation was occurring. "Customers must take immediate action to protect their instances," said the statement.

Threat groups are likely racing to capitalize on the vulnerability before targets patch it now that word has spread that attacks are simple and effective. Any organization that has an on-premises Confluence server that is accessible to the Internet should fix quickly, and if that isn't possible, remove it from the Internet temporarily. Another riskier solution would be to turn off the following endpoints:

For nearly a week, Atlassian's senior management has practically begged affected customers to fix. Vulnerable organizations dismiss suggestions at their own risk.

Read more »
USB security
airport safety Cybersecurity Data protection Device Security Digital threats malware prevention Tech Safety travel awareness travel tips USB security

Stay Informed: A Guide to 'Juice Jacking' Risks Before Your Next Airport Journey

 

While it might be amusing to imagine "juice jacking" as a playful term for enjoying complimentary beverages at your hotel's juice bar, the reality is far from lighthearted. 

The FBI has recently released a travel advisory alerting passengers to the threat of "juice jacking," a novel form of cybercrime emerging in both national and international airports. The concept revolves around the unauthorized access of travelers' data through USB ports commonly found at charging stations within airport premises.

Unsuspecting travelers seeking a quick battery recharge might innocently connect their smartphones or tablets to these charging points, only to fall victim to malware that has been surreptitiously implanted into these ports. 

This malicious software can either lock users out of their devices or stealthily extract personal information, including sensitive passwords. Essentially, this situation equates to handing over your device directly to a cybercriminal. 

The ramifications are substantial, enabling attackers to exploit online accounts, from bank information to social media profiles, photographs, and private messages, potentially even resorting to blackmail.

However, amid this ominous backdrop, it's important to acknowledge that practical solutions exist to mitigate these risks. While we don't propose avoiding airport charging ports altogether, it is crucial to exercise vigilance regarding the type of charger you employ. Adopting safe charging practices can help safeguard your devices and data.

Adopting Safe Charging Practices While on the Move:

Despite the fact that instances of actual "juice jacking" have yet to be officially reported, the potential threat remains a genuine concern for travelers. Fortunately, a few simple measures can serve a dual purpose: shielding your data and maintaining your device's charge. 

The most straightforward approach involves bypassing USB charging ports altogether and opting for conventional AC power outlets. The inherent design of these outlets prevents data transmission, rendering them a secure choice. Nonetheless, it's worth noting that the availability and functionality of these outlets at airports can be unpredictable.

In cases where AC power outlets are scarce or unreliable, a portable charger presents a viable alternative. These devices ensure a continuous power supply for essential gadgets, and they boast a significant advantage: they are impervious to data transfers, guaranteeing your security.

Moreover, charge-only cables are commercially available and can be utilized to further mitigate risks. Nevertheless, cautiousness remains vital even with such cables. If you encounter prompts requesting data sharing or device trust upon plugging into a USB port, the best course of action is to unplug immediately and seek an alternative port.

Responding to a Data Breach:

If a breach occur due to utilizing a compromised USB port, swift action is imperative. Disconnect your phone from the port without delay. And,0 if your device remains under your control, promptly proceed to change passwords for critical accounts, including email, banking, credit cards, and social media. Implementing two-factor authentication for these accounts, if not already in place, is advisable at this juncture.

Conduct a thorough review of your device and uninstall any applications not downloaded directly by you. If unauthorized charges appear on your financial accounts, promptly notify your bank or credit card provider to initiate charge disputes and freeze your accounts until the matter is resolved.

In scenarios where you suspect continued unauthorized access to your phone after disconnecting from the port, your last resort involves performing a complete factory reset. While not an ideal outcome, this step eradicates files and applications from your device, ensuring the safety of any unreached information.

In conclusion, while the prospect of "juice jacking" may sound whimsical, the associated risks are decidedly grave. 

By adopting cautious charging habits and implementing swift corrective measures in the event of a breach, travelers can minimize vulnerabilities and protect their data and devices from this evolving cyber threat.l
Read more »
Vulnerabilities and Exploits
Device Security Insights Mass Exploitation Mass Exploits Vulnerabilities and Exploits

Mass Exploits 2022: A Report Covering Most Dangerous Threats


What is the "Year of Mass Exploits?'

Experts at GreyNoise Intelligence have added more than 230 tags since January 1, 2022. It includes detections for more than 160 CVEs. In its annual report titled GreyNoise Intelligence 2022 "Year of Mass Exploits," the experts have identified 2022's most "pernicious and pwnable" vulnerabilities, in other words, the most significant threats. 

Bob Rudis, VP of Research & Data Science, GreyNoise Intelligence said “when it comes to cybersecurity, not all vulnerabilities are created equal, and many of the ones that garner media attention actually turn out to be insignificant.” 

 Log4j remote code execution

Activities around the Log4j remote code execution flaw surfaced at the end of 2021, kept the operations running, and has been active in regular web-based malicious activities, along with a group of other "celebrity vulnerabilities." 

In the earlier phase of exploitation, every single noise sensor (more than six hundred sensors handle from more than 5000 internship IPs) fielded Log4j exploit traffic, taking around one million attempts in just the first week. Threat actors keep looking for newly exposed, vulnerable nodes, and also for nodes that may have by mistake had fixes or patches removed. 

OGNL injection weakness

The Atlassian Confluence Object Graph Notation Library (OGNL) injection vulnerability was unique as it gave anyone unauthorized access to any query. Confluence is the knowledgeable repository of endless organizations. Because the API endpoint handles input in a certain way, cunning threat actors used different techniques to obscure exploit payloads. 

At the peak of hacking attempts, the GreyNoise sensor network found around 1,000 unique IPs looking for exposed vulnerable codes. GreyNoise saw an average of almost 20 unique addresses in hopes of unpatched Confluence incidents. 

For the Year of Mass Exploits 2022, experts have provided insights into the following areas:

  1. The impact of CISA's known exploited vulnerability catalog releases on security firms
  2. The celebrity vulnerability hype cycle, with a breakdown of the CVE-2022-1388, an F5 Big-IP iControl REST authentication bypass
  3. The amount of effort threat actors will put to never let a critical flaw go to waste by looking at the depth and width of CVE-2022-26134, a significant flaw in Atlassian Confluence. 

Besides the in-depth information about the most dangerous threat detection events of 2022, the report gives predictions for 2023 from Bob Rudis, GreyNoise VP of Data Science.

Organizations can expect regular web-based hacking attempts

Bob Rudis says “we see Log4j attack payloads every day. It’s part of the new ‘background noise’ of the internet, and the exploit code has been baked into numerous kits used by adversaries of every level. It’s very low risk for attackers to look for newly-exposed or re-exposed hosts, with the weakness unpatched or unmitigated. This means organizations must continue to be deliberate and diligent when placing services on the internet."

The rise in post-initial access internal threats

Rudis adds, “CISA’s database of software affected by the Log4j weakness stopped receiving regular updates earlier this year. The last update showed either ‘Unknown’ or ‘Affected’ status for ~35% (~1,550) of products cataloged. Attackers know that existing products have embedded Log4j weaknesses, and have already used the exploit in ransomware campaigns. If you have not yet dealt with your internal Log4j patching, early 2023 would be a good time to do so."

Log4J-centric attacks may target organizations

Rudis concludes, “organizations have to strive for perfection, while attackers need only persistence and luck to find that one device or service that is still exposing a weakness. We will see more organizations impacted by this, and it is vital you do what you can to ensure yours isn’t one of them."


Read more »
User Security
Device Security Network Security Sludge Technology User Security

Sludge: A Security Measure That Can Cause Problem to Hackers and Save a Network


What is Sludge and how does it prevent cyberattacks?

Threat actors can be stopped from attacking networks when minor modifications are done to make their campaigns more problematic. The suggestion comes from the latest research by info sex experts at NSA (National Security Agency), Fastly, and John Hopkins University. The paper titled "Sludge for Good: Slowing and Imposing Costs on Cyber Attackers" explains various small security measures and network conditions that make a technical red tape and can probably slow down the data collection and exfiltration process.  

The paper explaining cyber sludge during operations said:

"three events over the past three years have illustrated actions consistent with slowing cyber attackers using sludge: defense of the 2020 U.S. elections, counter-ransomware efforts, and responses to Russia’s invasion of Ukraine. In this section, we describe how these examples demonstrate and achieve sludge-like impacts. Sludge was not inevitable for any of these events. The cybersecurity community in the public and private sectors could have exclusively pursued zero tolerance and complete elimination of the problems using technical and non-technical solutions. Instead, these examples offer support that slowing the adversary was a component of the strategy."

Sludge can cause problems for hackers and waste their time

The concept of sludge became popular in 2021 from a book by legal scholar Cass Sunstein. The idea, according to the authors, is not to openly prevent an attack, but instead, offer enough obstacles and inconveniences in the way to waste the time of any individual who attempts to attack the network. 

To this date, the majority of the cyber defenses have been designed to be usually effective and strong and remove or stop threat actors as soon as possible. The experts have laid out an approach where they deploy defenses that want to increase the usage of hackers' resources and time while trying to make as little harm as possible to the victim. 

How does Sludge work?

In reality, the sludge can take the form of anything from honeypot machines to login banners and fake databases- anything that will waste the time and resources of a potential hacker and save a network from the threat of any compromise. Some of the potential techniques are multiple verification needs, compulsory acknowledgments, and usage of cloud instances to make temporary infrastructure that hackers can't exploit for continuous access. 

The experts accepted that these steps will also make it easy for users that want genuine access. However, they also said that administrators can modify changes or workarounds that helped actual users while still causing inconvenience to hackers. 

Cybersecurity experts mostly aim to reduce their recovery time period, failure rates, and lead times. If threat actors attack likewise, sludge can be used to tactically increase negative results. 



Read more »
Vulnerability and Exploits
data security Device Security HPE Vulnerability and Exploits

How vulnerability in Brocade Might Affect Major Companies


Broadcom disclosed that few softwares made by Brocade, its storage network subsidiary, is hit by various vulnerabilities, and the exploits can affect the products of various big companies. A similar incident happened with HPE earlier this year.

How does the vulnerability impact?

The Brocade SAN (storage area network) management app is impacted by 9 flaws, the patches are available for these security holes. 

Six vulnerabilities affect third-party products like Open SSL, Oracle Java, and NGINX, these are rated "medium severity" and "low severity."

A hacker can exploit these vulnerabilities (unauthorised attacker) and modify data, decode data, and make a Denial of Service (DoS) situation. 

The other three vulnerabilities are limited to Brocade SANnav, these are given "high" severity risk and impact ratings. 

The vulnerabilities let a hacker access switch and server passwords from log files, and hack potential sensitive info via static key ciphers.

About the vulnerability

The security flaws (CVE-2022-28167, CVE-2022-28168 and CVE-2022-28166) were discovered internally and currently no use of the exploit in the wild has been found. 

But the storage solutions of several companies that collaborate with Brocade can be impacted by these flaws. 

HPE in its advisory told the customers that the company's B series SANNav Management Portal is impacted by the exploits and suggested the customers to install the latest updates. 

The flaws can be exploited locally and remotely to leak sensitive info, attempt unauthorised access and modify data cause partial Denial of Service.

Other info related to Brocade vulnerability 

Another Brocade partner NetApp released individual advisories for the Brocade specific SANNav vulnerabilities. The NetApp products have not been affected. Brocade also partners with other big tech companies for storage solutions that include Huawei, Dell, Lenovo, IBM and Fujitsu. 

Security Week says "one of the other Brocade OEM partners appear to have published advisories for the SANnav vulnerabilities so it’s unclear if their products are also impacted. In the past, at least some of them did publish advisories to notify their customers about SANnav flaws."









Read more »
Malware Campaign
CMS Device Security JavaScript malware Malware attacks Malware Campaign

Experts Find Malware Controlling Thousands of Websites in Parrot TDS Network

The Parrot traffic direction system (TDS) that surfaced recently had a huge impact than what was thought earlier, research suggests. The malware affected more than 61,000 websites and was one of the top infections. Parrot TDS was first identified in April 2022 by cybersecurity company Avast, the PHP script had affected web servers that hosted more than 16,500 websites, acting as a gateway for future malware campaigns. It includes appending a part of infected code to all JavaScript files on affected web servers that host content management systems (CMS) like WordPress, these are attacked because of their weak login credentials and flawed plugins. 

"In 2021 alone, Sucuri said it removed Parrot TDS from nearly 20 million JavaScript files found on infected sites. In the first five months of 2022, over 2,900 PHP and 1.64 million JavaScript files have been observed containing the malware," reports The Hacker News. Alongside the use of sneaky techniques to hide the code, the "injected JavaScript may also be found well indented so that it looks less suspicious to a casual observer," said Denis Sinegubko, expert at Sucuri says. 

The aim of the JavaScript code is to jump-start the second phase of the attack, to deploy a PHP script that has been already injected on the server and is built to obtain information about website visitor, (for ex- IPs, browser, referrer, etc.) and send the details to a remote server. The third phase of the attack surfaces as a Javascript code, it works as a traffic direction system to find out the specific payload to send for a particular user based on the data which was shared in the second stage. 

When the TDS has confirmed the eligibility of a particular site visitor, the NDSX script deploys the final payload through a third-party website. The mostly used third-stage malware is a JavaScript downloader called FakeUpdates. 

"The NDSW malware campaign is extremely successful because it uses a versatile exploitation toolkit that constantly adds new disclosed and 0-day vulnerabilities. Once the bad actor has gained unauthorized access to the environment, they add various backdoors and CMS admin users to maintain access to the compromised website long after the original vulnerability is closed," said Sinegubko.

Read more »
Vulnerable Networks
Bug Cisco Cloud Security Critical Flaws Device Security iOS Security flaw Vulnerabilities and Exploits Vulnerable Networks

Cisco SD-WAN Security Flaw Allows Root Code Execution

 

Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation flaw in the IOS IE operating system, which could result in arbitrary code execution. 

Cisco's SD-WAN portfolio enables enterprises of all sizes to link different office sites over the cloud utilising a variety of networking technologies, including standard internet connections. Appliances at each location allow advanced analytics, monitoring, application-specific performance specifications and automation throughout a company's wide-area network. Meanwhile, IOS XE is the vendor's operating system that runs those appliances. 

The vulnerability (CVE-2021-1529) is an OS command-injection flaw that allows attackers to execute unexpected, harmful instructions directly on the operating system that would otherwise be inaccessible. It exists especially in the command-line interface (CLI) for Cisco's IOS XE SD-WAN software, and it could permit an authenticated, local attacker to run arbitrary commands with root privileges. 

According to Cisco’s advisory, posted this week, “The vulnerability is due to insufficient input validation by the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.” 

The alert further stated that the exploit method would comprise authenticating to a susceptible device and delivering "crafted input" to the system CLI. An attacker with successful compromise would be able to read and write any files on the system, execute operations as any user, modify system configurations, install and uninstall software, update the OS and/or firmware, and much more, including subsequent access to a corporate network. 

CVE-2021-1529 has a rating of 7.8 on the CVSS vulnerability-severity scale, and researchers and the Cybersecurity and Infrastructure Security Agency (CISA) have advised organisations to fix the problem as soon as possible. 

Greg Fitzgerald, the co-founder of Sevco Security, cautioned that some firms may still have outdated machines connected to their networks, which might provide a hidden threat with issues like these. 

He stated in the email, “The vast majority of organizations do an excellent job patching the vulnerabilities on the systems they know about. The problem arises when enterprises do not have complete visibility into their asset inventory, because even the most responsive IT and security teams can’t patch a vulnerability for an asset they don’t know is connected to their network. Abandoned and unknown IT assets are often the path of least resistance for malicious actors trying to access your network or data.”

This is solely the latest SD-WAN vulnerability addressed by Cisco this year. It patched many significant buffer-overflow and command-injection SD-WAN flaws in January, the most serious of which could be abused by an unauthenticated, remote attacker to execute arbitrary code with root privileges on the affected server.
Read more »
Subscribe to: Posts (Atom)