Cisco alert: Patch this dangerous bug open to remote attacks via malicious ads


Cisco has patched a high-severity bug in the web-based user interface of its IOS XE software. The flaw lets anyone on the internet stealthily break into internal networks without a password. 

This newly disclosed issue, tracked as CVE-2019-1904, can be exploited by a remote attacker using a cross-site request forgery (CSRF) attack on affected systems. 

Cisco IOS XE is the Linux-based version of the company’s internetworking operating system (IOS), used on numerous enterprise routers and Cisco Catalyst switches. Cisco confirmed the bug doesn’t affect IOS, IOS XR, or NX-OS variants.   

“The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link,” Cisco explains. 

In an attack scenario, a CSRF exploit could be hidden inside malicious ads, lending itself to weaponization in an exploit kit. The appeal of exploiting this flaw is that it would allow an attacker to target internal networks or admins without setting off any alarms.

An attacker who successfully exploits the flaw can perform any action with the same privilege level as the affected user.

“If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device,” Cisco warns. 

The only way to address this vulnerability is to install software updates Cisco has made available. And those updates are only available to customers with a valid Cisco license.  

The bug was discovered by researchers at Red Balloon Security, the firm that discovered Thangrycat, a dire bug disclosed in May that affected Cisco’s Trust Anchor module (TAm), a proprietary hardware security chip present in Cisco gear since 2013. 

The firm also found a separate remote code execution flaw in the web interface of IOS XE. 

While there is no workaround for the new bug, disabling the HTTP Server feature closes this attack vector and “may be a suitable mitigation” until affected devices are running a fixed version, according to Cisco.  
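To check which devices still expose the web UI while waiting for a fixed release, the sketch below audits saved running-config text for the HTTP Server feature. It is an added example, not code from Cisco or from the original article. It assumes the feature is controlled by the `ip http server` and `ip http secure-server` configuration lines, and that the `active-session-modules none` settings leave a listener unusable for the web UI; the host names and config excerpts are constructed.

```python
import re

# Constructed running-config excerpts for illustration (not from real devices).
SAMPLE_CONFIGS = {
    "edge-rtr-1": "hostname edge-rtr-1\nip http server\nip http secure-server\n",
    "core-sw-1": "hostname core-sw-1\nno ip http server\nno ip http secure-server\n",
    "branch-rtr-2": (
        "hostname branch-rtr-2\n"
        "no ip http server\n"
        "ip http secure-server\n"
        "ip http secure-active-session-modules none\n"
    ),
}

# listener name -> (line that enables it, line assumed to leave it unusable)
LISTENERS = {
    "http": ("ip http server", "ip http active-session-modules none"),
    "https": ("ip http secure-server",
              "ip http secure-active-session-modules none"),
}


def web_ui_listeners(config_text):
    """Return the web UI listeners ('http', 'https') a config leaves enabled."""
    # Normalise whitespace and compare whole lines, so the negated form
    # "no ip http server" never matches the enabling command.
    lines = {re.sub(r"\s+", " ", ln.strip()) for ln in config_text.splitlines()}
    enabled = []
    for name, (enable_cmd, no_modules_cmd) in LISTENERS.items():
        if enable_cmd in lines and no_modules_cmd not in lines:
            enabled.append(name)
    return sorted(enabled)


def audit(configs):
    """Map each host to the list of web UI listeners it still exposes."""
    return {host: web_ui_listeners(text) for host, text in configs.items()}


if __name__ == "__main__":
    for host, listeners in audit(SAMPLE_CONFIGS).items():
        if listeners:
            print(f"{host}: web UI reachable via {', '.join(listeners)}")
        else:
            print(f"{host}: no web UI listener exposed")
```

Devices reported with a listener are the ones to prioritise for the fixed software or for disabling the HTTP Server feature.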

Cisco notes that there is proof-of-concept exploit code for this IOS XE vulnerability. However, it adds there’s no indication yet that the exploit code is publicly available. 
