Monthly Archives: March 2015
Cisco Patches IOS To Stop Automation Exploitation
FBI / ATF Spent $2.1 Million On 23 Drones That Don't Work
GE Fixes Buffer Overflow Bug in DTM Library
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM library affects four of GE’s products, as […]
Tinder hack sets heterosexual men up with each other
A hacker has discovered that the openness of Tinder’s API allowed him to set up unknowing men via a fake female profile they both believed that they were talking to.
The post Tinder hack sets heterosexual men up with each other appeared first on We Live Security.
Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
Original release date: March 26, 2015
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak.
US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
CSI: Cyber. A Fake Cyber Security TV Series?
It was bound to happen. The latest episode in the popular CSI series had all the ingredients to be not very faithful to reality. If we already far from credible elements in the versions of Las Vegas, Miami, and New York, what can we expect from ‘CSI: Cyber’?
In this occasion, the characters are part of the FBI’s Cyber Crimes Division.
The series premiered on March 4, 2015 on USA, and a day later worldwide. The team, led by Oscar winner Patricia Arquette, work to solve computer-related cases.
The relationship between the franchise CSI and technology has never been good. After fifteen years of fiction, they still surprise us with some of the techniques used to solve crimes. Just think how do they are able to expand images and still get spectacular resolution, which in real life would be magical.
But introducing cybersecurity elements into CSI’s typical plot hasn’t improved things. As some experts in the subject had suspected, the series has enough details to pull our hairs out, and it is not very useful if you want to learn something about cybersecurity.
Just by watching the pilot episode we can verify how much ‘CSI: Cyber‘ distorts the industry reality. Spoiler alert: from here on, there might be some spoilers of the first episode!
In one of the scenes we can see two of the experts analyzing the code searching for something suspicious, and how they find it right away. No wonders: The code is written in green over a black screen except where the malware is (barely) hidden, that is in written in red.
In addition, everything happens at tremendous speed. They are able to discover the hacking of a baby monitor based on vulnerability in the manufacturer source code in just half an hour.
As if that wasn’t enough, cybercriminals have brilliant minds, and also, twisted. In the first chapter, they create such a complex encryption key that in order to remember it they had it tattooed! Typical, isn’t it?
This first chapter is peppered with many other details that drag computer security experts through the mud. For starters, the FBI’s Cyber Crimes Division is led by a psychologist (Patricia Arquette) who hunts cybercriminals driven by one bad experience she had years back.. Maybe no expert in this matter was able to lead this Division…
It is true that we have still the whole season to finally find out if ‘CSI: Cyber‘ deals with cyber security in a more realistic way than in the first episode. In the first episode the experts manage to geo-locate the suspects through just an IP address (something that maybe a good cybercriminal won’t allow), or hacking an Xbox, what else awaits us?
Something that we can actually learn from the series is the Internet of Things, something so useful that helps us monitor every aspect of our live, also carries certain risks. As soon as something is connected to the network, it is potentially vulnerable. Anything: your baby monitor, your home’s thermostat or your toothbrush.
The post CSI: Cyber. A Fake Cyber Security TV Series? appeared first on MediaCenter Panda Security.
CVE-2015-0635 (ios, ios_xe)
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.
CVE-2015-0636 (ios, ios_xe)
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293.
CVE-2015-0637 (ios, ios_xe)
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.