Cisco warns WLAN controller, 9000 series router and IOS/XE users to patch urgent security holes

Cisco this week issued 31 security advisories but directed customer attention to “critical” patches for its IOS and IOS XE Software Cluster Management and IOS software for Cisco ASR 9000 Series routers. A number of other vulnerabilities also need attention if customers are running Cisco Wireless LAN Controllers.The first critical patch has to do with a vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to send malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device, Cisco said.To read this article in full, please click here READ MORE HERE…

Read more

This Week in Security News: Medical Malware and Monitor Hacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware. Read on: Is Your Baby Monitor…
The post This Week in Security News: Medical Malware and Monitor Hacks appeared first on . Read More HERE…

Read more

Cisco Talos details exceptionally dangerous DNS hijacking attack

Security experts at Cisco Talos have released a report detailing what it calls the “first known case of a domain name registry organization that was compromised for cyber espionage operations.”Talos calls ongoing cyber threat campaign “Sea Turtle” and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS, Talos stated.
More about DNS:
DNS in the cloud: Why and why not
DNS over HTTPS seeks to make internet use more private
How to protect your infrastructure from DNS cache poisoning
ICANN housecleaning revokes old DNS security key

By obtaining control of victims’ DNS, the attackers can change or falsify any data on the Internet, illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported. To read this article in full, please click here READ MORE HERE…

Read more

What Did We Learn from the Global GPS Collapse?

On April 6, 2019, a ten-bit counter rolled over. The counter, a component of many older satellites, marks the weeks since Jan 1, 1980. It rolled over once before, in the fall of 1999. That event was inconsequential because few complex systems relied on GPS. Now, more systems rely on accurate time and position data:…
The post What Did We Learn from the Global GPS Collapse? appeared first on . Read More HERE…

Read more

Continuing Education On Cyber Threats And Defenses

Anyone who has been in cybersecurity for any length of time knows, the threat landscape is constantly changing and requires regularly monitoring of news, blogs, podcasts, and other ways to ensure you know what is happening today. I have tried to bring this information to the public since starting my monthly threat webinar series in…
The post Continuing Education On Cyber Threats And Defenses appeared first on . Read More HERE…

Read more

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user’s system. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon’s CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.To read this article in full, please click here READ MORE HERE…

Read more