The first stop for security news Threatpost


Cisco Systems patched three bugs on Wednesday that are rated critical, tied to its Digital Network Architecture (DNA) Center platform.


"NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates," wrote the United States National Cybersecurity and Communications Integration Center, in an alert released Wednesday regarding the bugs.

Cisco credits its own security team for finding the bugs.


One of the critical bugs (CVE-2018-0271) could allow an unauthenticated, remote attacker to bypass authentication and access critical services, according to Cisco. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could exploit this vulnerability by submitting a crafted URL designed to exploit the issue. A successful exploit could allow the attacker to gain unauthenticated access to critical services, resulting in elevated privileges in DNA Center.
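The bug class described above, an access decision made on a URL before it is normalized, shown as an added Python illustration beside a hardened check; it is not Cisco's code and does not reproduce CVE-2018-0271. The `/public/` prefix, the function names and the sample paths are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed policy for illustration: only this prefix is served without login.
PUBLIC_PREFIX = "/public/"


def canonical_path(raw_url: str) -> str:
    """Return the single path form that both the auth check and the router use."""
    decoded = unquote(urlsplit(raw_url).path)
    # Still holding an escape after one decode means double encoding; a NUL or
    # backslash means components may parse differently. Refuse rather than guess
    # (this also refuses a literal '%' in a path, a deliberately strict choice).
    if not decoded.startswith("/") or any(c in decoded for c in ("%", "\\", "\x00")):
        raise ValueError("ambiguous or relative path")
    # Collapse '.', '..' and repeated slashes; normpath can keep a leading '//'.
    normalized = "/" + posixpath.normpath(decoded).lstrip("/")
    if decoded.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def naive_requires_auth(raw_url: str) -> bool:
    """Flawed check: decides on the raw string the client sent."""
    return not urlsplit(raw_url).path.startswith(PUBLIC_PREFIX)


def requires_auth(raw_url: str) -> bool:
    """Hardened check: normalize first, and fail closed on anything ambiguous."""
    try:
        return not canonical_path(raw_url).startswith(PUBLIC_PREFIX)
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed sample requests, not taken from any advisory.
    for url in ("/public/status", "/public/../admin/users",
                "/public/%2e%2e/admin/users", "/public/%252e%252e/admin/users"):
        print(f"{url:36} naive={naive_requires_auth(url)} hardened={requires_auth(url)}")
```

The same canonical form has to be what the request router consumes; normalizing only inside the authorization check leaves the two components disagreeing about which resource was requested.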

Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform


As for the vulnerabilities rated high, these include a Linux shell access vulnerability (CVE-2018-0279) tied to Cisco's network function virtualization infrastructure software; a cross-site forgery bug (CVE-2018-0270) in its IoT Field Network Director platform; a certificate validation bug (CVE-2018-0277) used in the company's Identity Services Engine; and a denial of service vulnerability (CVE-2018-0280) related to the Cisco Meeting Server.


The company urges customers to patch three vulnerabilities that received the highest severity rating of 10.

Cisco also warned of four additional vulnerabilities each rated high. All of the vulnerabilities have available patches for mitigation.


"The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software," Cisco wrote. "A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges."


All three of the critical vulnerabilities received a Common Vulnerability Scoring System rating of 10, the highest possible warning. Each could allow an unauthenticated and remote attacker to bypass Cisco's authentication checks and attack core functions of the DNA platform, which was introduced in 2016. DNA has been touted as a move away from the company's hardware-centric business towards one more reliant on software and services; it's an open, software-driven architecture focused on automation, virtualization, analytics and managed services.


A second critical vulnerability (CVE-2018-0222) could allow an unauthenticated, remote attacker to log in to Cisco's DNA services using an administrative account that has default and static user credentials.


Lastly, Cisco is warning of a critical, unauthorized access flaw (CVE-2018-0268) that could allow a successful adversary to completely compromise a targeted Kubernetes container management subsystem within DNA Center.
