Connect with us

Cars

Cisco: These Wi-Fi access points are easily owned by remote hackers, so patch now

Published

on

Cisco: DNS attacks will undermine trust in the internet
Sophisticated hacking group taps wide set of vulnerabilities as part of their global hacking spree.

Hackers from afar can mess around with Cisco’s Aironet industrial and business Wi-Fi access points because the devices have flawed URL access controls, Cisco has warned customers. 

The critical Aironet flaw has been assigned the identified CVE-2019-15260 and has a CVSS v3 score of 9.8 out of 10. 

The bug affects several Aironet product lines, including access points for industrial customers. It can be exploited by a remote attacker without the correct credentials, who could then tamper with device settings with elevated privileges or view sensitive corporate information. 

Cisco hasn’t divulged much information about the flaw, but the company admits that affected Aironet Wi-Fi boxes don’t currently implement sufficiently strong access controls for “certain URLs”. The attacker could exploit the bug by requesting “specific URLs” from the affected access point.

If an attacker successfully exploits the flaw, they could change the device’s network configuration, as well as potentially knock out the device and cause a denial of service on computer equipment connected to it. 

“An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration,” said Cisco. 

Affected product lines include the Aironet 1540 series, 1560 series, 1800 series, 2800 series, 3800 series, and 4800 access points. 

Cisco notes that there are no workarounds for this issue, so the only option to secure the devices is to install a fixed release. 

Cisco also cautions customers that when attempting to install fixed software, they should treat the critical flaw as part of a collection of fixes.

This collection includes two more high-severity denial-of-service flaws affecting Aironet software – CVE-2019-15264 and CVE-2019-15261 – and one high-severity denial-of-service vulnerability, CVE-2019-15262, in the Secure Shell session management for the Cisco Wireless LAN Controller software. 

At present Cisco isn’t aware of any attempts to exploit the bugs and they were all discovered while Cisco was handling a customer-support query.

More on Cisco and networking security

  • Cisco warning: These routers running IOS have 9.9/10-severity security flaw
  • Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw  
  • Seriously? Cisco put Huawei X.509 certificates and keys into its own switches
  • New Cisco critical bugs: 9.8/10-severity Nexus security flaws need urgent update
  • Cisco critical-flaw warning: These two bugs in our data-center gear need patching now
  • Cisco alert: Patch this dangerous bug open to remote attacks via malicious ads
  • Thrangrycat flaw lets attackers plant persistent backdoors on Cisco gear
  • Cisco’s warning: Patch now, critical SSH flaw affects Nexus 9000 fabric switches
  • Cisco warns over critical router flaw
  • Cisco: These are the flaws DNS hijackers are using in their attacks
  • Cisco bungled RV320/RV325 patches, routers still exposed to hacks
  • Cisco tells Nexus switch owners to disable POAP feature for security reasons
  • Cisco: Patch routers now against massive 9.8/10-severity security hole
  • How to improve cybersecurity for your business: 6 tips TechRepublic
  • New cybersecurity tool lets companies Google their systems for hackers CNET


  • Source link

    Continue Reading
    Click to comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Cars

    Waymo recreated fatal crashes putting its software at the wheel – Here’s how it did

    Published

    on

    Waymo is tackling the safety issue of autonomous vehicles head-on, using simulations to replay fatal crashes but replacing the human driver involved with the Alphabet company’s software, to show what the Waymo Driver would’ve done differently. The research looked at every fatal accident recorded in Chandler, Arizona – where the Waymo One driverless car-hailing service currently operates – between 2008 and 2017.

    “We excluded crashes that didn’t match situations that the Waymo Driver would face in the real world today, such as when crashes occurred outside of our current operating domain,” Trent Victor, Director of Safety Research and Best Practices at Waymo, explains. “Then, the data was used to carefully reconstruct each crash using best-practice methods. Once we had the reconstructions, we simulated how the Waymo Driver might have performed in each scenario.”

    In total, there were 72 different simulations that the system needed to handle. In those where there were two cars involved, Waymo modeled each in two ways. First, where the Waymo Driver was in control of the “initiator” vehicle, which initiated the crash, and then again with it as the “responder” vehicle, which responds to the initiator’s actions. That took the total to 91 simulations.

    The Waymo Driver avoided every crash as initiator – a total of 52 simulations – Waymo says. That was mainly down to the computer following the rules of the road that human drivers in the actual crashes did not, such as avoiding speeding, maintaining a gap with other traffic, and not running through red lights or failing to yield appropriately.

    On the flip side, where the Waymo Driver was the responder, it managed to avoid 82-percent of the crashes in the simulations. According to Waymo’s Victor, “in the vast majority of events, it did so with smooth, consistent driving – without the need to brake hard or make an urgent evasive response.”

    In a further 10-percent of the simulations, the Waymo Driver was able to take action to mitigate the crash’s severity. There, the driver was 1.3-15x less likely to sustain a serious injury, Waymo calculates.

    Finally, in the remaining 8-percent of crashes simulated, the Waymo Driver was unable to mitigate or avoid the impact. They were all situations where a human-operated vehicle struck the back of a Waymo vehicle that was stationary or moving at a constant speed, this “giving the Waymo Driver little opportunity to respond,” Victor explains.

    That is equally important, Waymo argues, because when they finally launch in any significant number, autonomous vehicles are going to have to coexist with human drivers on the road for some time to come. Those human drivers can’t be counted on to follow the same rules as stringently as Waymo’s software demands.

    Waymo has released a paper, detailing its findings. Part of the challenge for assessing autonomous vehicles, it argues, is that high-severity collisions are thankfully relatively rare in the real world. As such, “evaluating effectiveness in these scenarios through public road driving alone is not practical given the gradual nature of ADS deployments.”

    Continue Reading

    Cars

    2022 Genesis G70 Launch Edition previews sport sedan refresh

    Published

    on

    Genesis has revealed the new 2022 G70 Launch Edition, the first of the refreshed versions of its compact sports sedan to land in the US, looking handsome with the automaker’s striking new design language. Announced last October, Genesis’ smallest sedan will debut initially in the form of the limited-production 2022 G70 Launch Edition, with only 500 expected to be offered.

    Where the old G70 had a squared-off fascia, this updated version is a lot softer in its angles. The bottom edge of the oversized shield-shaped front grille now comes to a point in the lower fascia, rather than being flat, while that lower grille section is more muscular and contoured.

    It’s the headlamps, though, which are the biggest departure. They get Genesis’ new signature quad-LED element, with dual horizontal daytime running lamp lines on each side. It’s something we’ve seen the automaker put to good use on its larger sedans, and on SUVs like the new GV80.

    Genesis says the new G70 is lower and wider at the front end, while the profile of the sedan is sharper, too. At the rear, the trunk lid has been smoothed out, with a more distinctive integrated spoiler. The taillamp clusters, meanwhile, have a more angular appearance, echoing the quad LED light signature at the front. Altogether it looks tidier and more focused than the outgoing car.

    Inside, meanwhile, the changes are more subtle. The dashboard shape in general has been carried over, with dedicated HVAC control knobs, a physical transmission shifter, and a multifunction steering wheel. However there’s now a new 10.25-inch HD display atop the dashboard, replacing the old 8-inch version.

    That gets the graphics from Genesis’ more recent models, a huge improvement compared to the Hyundai-donated software UI in the last-gen G70. There’s both Apple CarPlay and Android Auto, and the driver gets an 8-inch HD digital gauge cluster flanked by analog dials.

    As for what’s under the hood, don’t expect a departure from the existing engines. That includes the optional 3.3-liter twin-turbo V6, with 365 horsepower. The entry engine is a carry-over of the 2.0-liter turbocharged inline-4, with 252 horsepower. An 8-speed automatic is likely to be standard; the six-speed manual gearbox Genesis once offered won’t be making an appearance.

    Genesis will keep the options simple for the Launch Edition: it’ll only offer the sedan in Verbier White or Melbourne Grey matte paint. 19-inch black wheels will be standard, as will a red leather interior. Although you’ll be able to pick RWD or AWD, the G70 Launch Edition will only be offered with the more potent V6 engine, Car & Driver reports.

    Pricing is yet to be confirmed, though the current G70 starts at just north of $37k. Reservations for the Launch Edition are open now, with the first cars set to arrive in the US come the spring.

    Continue Reading

    Cars

    GMC Hummer EV SUV reveal dated: Watch the electric pickup go sideways on ice

    Published

    on

    GMC will reveal its second Hummer EV variant in just a few weeks time, with the SUV version of the all-electric super truck promising an alternative body-style to the original pickup. The GMC Hummer EV SUV will be unveiled on April 3, the automaker confirmed today, though this isn’t the first time we’ve heard about the new version.

    Back in July 2020, in fact, GMC teased what we could expect from the SUV body. As you might expect, it’s the same bold lines and chunky styling from the front back to roughly the C-pillars.

    However unlike the pickup’s roughly 5 foot long bed, the SUV will have an enclosed cargo area. That will allow for a spare wheel to be mounted on the tailgate. We’re still expecting to see removable roof panels, allowing most of the top of the electric truck to be opened up, though final cargo capacity will have to wait until the official reveal.

    As for what’s underneath the sheet metal, there we’re unlikely to see GMC straying too far from the architecture of the Hummer EV pickup. Based on GM’s Ultium platform for electric vehicles, that includes up to three motors and 1,000 horsepower in total, depending on trim. Torque vectoring – where power is individually controlled in its delivery to each rear wheel – and a “CrabWalk” mode that allows the trunk to track diagonally at low speeds in off-road or tight parking lot conditions are also supported.

    0-60 mph should come in around 3 seconds for the most potent Hummer EV, GMC has said, while range will be up to around 350 miles on a charge. 800V DC fast charging with support for up to 350 kW should mean 100 miles of range added in just 10 minutes.

    While GMC is launching the pickup version with the limited-availability 2022 Hummer EV Edition 1 first, it has more affordable versions planned for 2022 and beyond. That’s likely to be the same strategy the automaker takes with the electric SUV, with premium pricing and a heavily constrained supply to begin with. Reservations for the SUV will open on April 3, GMC has said.

    As for progress on the electric pickup, GMC says it has been undertaking winter testing in Michigan’s Upper Peninsula, making ample use of the snow and ice to see how the all-wheel drive holds up. That also includes testing of the electronic stability control and traction control.

    Production of the 2022 Hummer EV pickup is expected to begin in the fall, GMC says, with initial deliveries before the end of the year.

    Continue Reading

    Trending