When Cisco released a patch for several of its security appliances Thursday that eliminated the presence of hard-coded SSH host and private keys, the advisory had a distinct air of familiarity about it. That’s because the company released a patch for the same problem in one of its other major products almost exactly one year ago.
Tag Archives: Web Security
Default SSH Key Found in Many Cisco Security Appliances
Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said that all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability. This bug is […]
Stored XSS Flaw Patched in Thycotic Secret Server
Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim’s stored passwords. The vulnerability is in the company’s Secret Server product, which is designed to provide password management for enterprises. Marco Delai, a researcher at […]
Facebook Hires Ex-Yahoo CISO Alex Stamos
Facebook has hired away the top security executive at Yahoo, Alex Stamos, to become the company’s new CSO. Stamos said Wednesday that he is joining Facebook because he believes the company is in the best position to address some of the large security challenges facing users and companies right now. “There is no company in […]
Details Available on Patched Adobe, Windows Font Vulnerabilities
Details have been disclosed on a patched Adobe Type Manager Font Driver flaw that could enable takeover of a number of systems supporting modern font engines.
Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates
A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services.
Facebook Helps Combat Apple XARA Vulnerabilities With Osquery
Facebook have added the ability for organizations to detect if their OS X system is being exploited by XARA with their framework osquery.
Emergency Adobe Flash Patch Fixes Zero Day Under Attack
Adobe released an emergency patch for a Flash zero day used in targeted attacks by APT3, the same group behind 2014’s Clandestine Fox attacks.
FBI Says Cryptowall Cost Victims $18 Million Since 2014
In a little more than a year, consumers affected by the Cryptowall ransomware have reported to the FBI more than $18 million in losses related to infections from the malware. Cryptowall is among the group of ransomware families that encrypt the files on victims’ computers and then demands a ransom in order to obtain the […]
TCP Vulnerability Haunts Wind River VxWorks Embedded OS
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed in sectors such as energy, water, […]