Cisco alert: Patch this dangerous bug open to remote attacks via malicious ads


Cisco has patched a high-severity bug in the web-based user interface of its IOS XE software. The flaw lets anyone on the internet stealthily break into internal networks without a password. 

This newly disclosed issue, tracked as CVE-2019-1904, can be exploited by a remote attacker using a cross-site request forgery (CSRF) attack on affected systems. 

Cisco IOS XE is the Linux-based version of the company’s internetworking operating system (IOS), used on numerous enterprise routers and Cisco Catalyst switches. Cisco confirmed the bug doesn’t affect IOS, IOS XR, or NX-OS variants.   

“The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link,” Cisco explains. 

In an attack scenario, a CSRF exploit could be hidden inside malicious ads, lending itself to weaponization in an exploit kit. The appeal of exploiting this flaw is that it would allow an attacker to target internal networks or admins without setting off any alarms.

An attacker who successfully exploits the flaw can perform any action with the same privilege level as the affected user.

“If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device,” Cisco warns. 

The only way to address this vulnerability is to install software updates Cisco has made available. And those updates are only available to customers with a valid Cisco license.  

The bug was discovered by researchers at Red Balloon Security, the firm that discovered Thangrycat, a dire bug disclosed in May that affected Cisco’s Trust Anchor module (TAm), a proprietary hardware security chip present in Cisco gear since 2013. 

The firm also found a separate remote code execution flaw in the web interface of IOS XE. 

While there is no workaround for the new bug, disabling the HTTP Server feature closes this attack vector and “may be a suitable mitigation” until affected devices are running a fixed version, according to Cisco.  
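To find devices where that mitigation still needs to be applied, saved running-configs can be audited offline. The following is an added example, not code from Cisco or from the original article; it assumes the HTTP Server feature is controlled by the IOS XE global commands `ip http server` and `ip http secure-server`, and the hostnames and config excerpts are constructed sample data.

```python
import re

# Matches only the two global commands that switch the web UI listeners on or
# off, e.g. "ip http server" or "no ip http secure-server". Other "ip http ..."
# lines (authentication, access-class, ...) are deliberately not matched.
_HTTP_CMD = re.compile(r"^(no\s+)?ip\s+http\s+(server|secure-server)\s*$")


def http_server_state(running_config: str) -> dict:
    """Return the state of each listener: 'enabled', 'disabled', or
    'not-stated' when the command does not appear in the text at all."""
    state = {"server": "not-stated", "secure-server": "not-stated"}
    for raw in running_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and IOS comments
            continue
        m = _HTTP_CMD.match(line)
        if m:
            state[m.group(2)] = "disabled" if m.group(1) else "enabled"
    return state


def needs_mitigation(running_config: str) -> bool:
    """True when the HTTP or HTTPS web UI listener is explicitly enabled."""
    return "enabled" in http_server_state(running_config).values()


def audit(configs: dict) -> list:
    """Return the sorted hostnames whose web UI is still reachable."""
    return sorted(h for h, cfg in configs.items() if needs_mitigation(cfg))


# Constructed sample excerpts (hypothetical hostnames, not real devices).
SAMPLE_CONFIGS = {
    "edge-rtr-1": "hostname edge-rtr-1\nip http server\n"
                  "ip http authentication local\nip http secure-server\n",
    "core-sw-1": "hostname core-sw-1\nno ip http server\n"
                 "no ip http secure-server\n",
    "dist-sw-2": "hostname dist-sw-2\n! HTTPS left on for the help desk\n"
                 "no ip http server\n  ip http secure-server\n",
    "lab-rtr-9": "hostname lab-rtr-9\ninterface GigabitEthernet0/0\n",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_CONFIGS):
        print(f"{host}: web UI enabled, disable it or upgrade")
```

A `not-stated` result means the excerpt did not include either command, so the platform default applies and the device should be checked directly.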

Cisco notes that there is proof-of-concept exploit code for this IOS XE vulnerability. However, it adds there’s no indication yet that the exploit code is publicly available. 


How To Earn Microsoft Reward Points While Playing Your Xbox Series X|S


If you have an Xbox Series X or S, that means you already have a Microsoft account, and, presumably, you’ve linked the account to your console. If you haven’t, you’ll need to sign into the Microsoft account you want to use for earning rewards, so that when you play games and make purchases, the points go toward that particular email address. You can check out the points you’ve already earned, as well as various ways to earn more points, by heading over to the Microsoft Rewards user portal on the Bing website. You can also use the Microsoft Rewards app on Xbox.

If you want to grow your points by playing Xbox games, you’ll need to sign up for the Xbox Game Pass subscription, which provides customers with a large library of games they can play, as well as some other perks. Points are earned by completing quests in games that are available in the Game Pass library. Microsoft says you can view these quests in the Rewards app under the Xbox Game Pass section. If you haven’t yet downloaded the app, you can get a snapshot look at how the rewards process works on the Xbox Game Pass Quests web page.

According to Microsoft, it adds new quests to this section of the Rewards app on a daily basis. Keep in mind that you’ll need to manually head over to that part of the app when you finish a quest in order to redeem the points. Once those points have been applied to your account, however, you’ll be able to redeem them for rewards within the same app.


The 1993 Aston Martin Concept Car Perfect For Any James Bond Villain


Cream leather, chrome, white dials, and a thin-rimmed steering wheel tell the story of an Art Deco cabin modernized for the mid-1990s. The dashboard, pedals, and wheel featured extensive nickel plating, says David Dowsey, while the dashboard was made from a single piece of laminated beech wood.

According to a Discovery documentary about Lagonda — and in what must have felt thoroughly futuristic at the time — the concept featured an integrated satellite navigation system and built-in laptop computers for rear passengers (or Bond villains) to work on. A final flourish saw the car’s steering wheel move out of the way when the driver’s door was opened.

Although it would surely have been toned down for a production version, the concept’s retro interior details are reminiscent of the Jaguar S-Type that arrived in 1999. At the time, both Jaguar and Aston Martin (as well as Land Rover, Lincoln, and Volvo) were part of the Ford-owned Premier Automotive Group.


Netflix And GM Have Teamed Up For A New Super Bowl 2023 Ad Featuring Will Ferrell


According to a press release from General Motors, the auto giant teamed up with Netflix during past championship games to show off its then-brand-new Ultium EV platform. This year, the ads feature former “Saturday Night Live” and “Talladega Nights: The Ballad of Ricky Bobby” star Will Ferrell driving around a new GMC Sierra EV in the Netflix original “Army of the Dead.” An ad also features Will Ferrell in the back of a Chevy Blazer EV in the “Squid Game” universe.

Netflix says that it’s already committed to putting as many EVs in its original programming as it can. As such, a Chevy Bolt will be present in an upcoming season of “Love is Blind,” a Bolt EUV will appear in “The Brothers Sun,” a GMC Hummer will star in “Queer Eye,” and Rob Lowe will drive around a Cadillac Lyriq in “Unstable.” 

Blatant product placement can be hit or miss, especially when it comes to a huge financial decision like a car. However, stuffing shows full of EVs with the help of GM is certainly one way to get people talking about electric cars.
