Connect with us

Cars

Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw

Published

on

Cisco: DNS attacks will undermine trust in the internet
Sophisticated hacking group taps wide set of vulnerabilities as part of their global hacking spree.

Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world. 

The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to bypass the login for an IOS XE device without the correct password. 

SEE: 10 tips for new cybersecurity pros (free PDF)

The flaw, tracked as CVE-2019-12643, affects Cisco’s REST application programming interface (API) virtual container for ISO XE and exists because the software doesn’t properly check the code that manages the API’s authentication service. 

“An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device,” Cisco warns. 

“A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device.”

Cisco says it has confirmed that the bug affects Cisco 4000 Series Integrated Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, the Cisco Cloud Services Router 1000V Series, and the Cisco Integrated Services Virtual Router. 

The good news is that the affected REST API virtual service container isn’t enabled by default and needs to be installed and activated separately on IOS XE devices. 

However, if it is enabled, the underlying IOS XE device is vulnerable to the attack. The bug was found during internal testing and isn’t known to be currently under attack. 

Cisco has provided command-line instructions for admins to check whether the REST API has been enabled or not. It’s also provided a list of vulnerable versions of the container. 

Cisco’s REST API is an application that runs in a virtual container on a device and comes in the form of an open virtual application (OVA) with an .ova extension. 

SEE MORE: How secure are your containerized apps?

To cut off the attack vector, admins can delete Cisco’s REST API OVA package that in some cases can be bundled with the IO XE software image. However, Cisco also notes that the vulnerability can’t be fully mitigated with a workaround. 

Cisco is recommending admins upgrade both the REST API virtual service container and IOS XE. The container version that is fixed is iosxe-remote-mgmt.16.09.03.ova.

Cisco also disclosed five high-severity flaws that affected its Unified Computing System Fabric Interconnect, NX-OS software, and FXOS software. 

More on Cisco security



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Cars

Here’s How Long A Tesla Model Y Battery Will Actually Last

Published

on

Many of us have found ourselves at the side of the road waiting for someone to arrive with a gas can to fill our empty tank. Pushing your gasoline-powered engine too far when the gauge is reading “E” will do that. And like pushing your luck with these types of vehicles, you’ll find yourself in a similar situation with an all-electric model if you aren’t planning your journey with care, requiring roadside assistance or an emergency charging solution.

The Tesla Model Y is equipped with a long-range battery that will last you a full day on the road in the vast majority of situations. If you are driving the Performance Model Y, this vehicle will carry you an average of 303 miles on a full charge, according to Tesla. Should you be considering the Long-Range Model Y, you can expect the battery to last longer, getting 330 miles on the same charge. 

By charging the EV overnight when you are finished, you’ll have a fully charged battery to begin your day, assuming you have a home charger. And if you are running low on juice, you’ll find over 35,000 Tesla Supercharging Stations around the world, around 1,400 of which are in the United States, according to the latest data from Scrape Hero. Plug your Model Y into one of these spots and Tesla says on its website that you can expect to get around 200 miles of range after 15 minutes of charging.

Continue Reading

Cars

The Most Luxurious Features Of Leonardo DiCaprio’s $1.5 Million Motorhome

Published

on

The features inside DiCaprio’s trailer are over-the-top, to say the least. It is 53-feet-long with four slide-out sections that can extend from 400 to 700 square feet at the touch of a button (via The Sun). According to Rovsek, it is the largest and most luxurious motorhome in the entire fleet.

It comes equipped with two fireplaces (in case one was not enough), and state-of-the-art technology including seven TV screens throughout the entire trailer. The motor home features mirror-covered ceilings and heated marble floors in the bathrooms, living room, and kitchen. It also features a wine bar and heated marble floors, according to Bloomberg Quicktake.

Surprisingly, the crown jewel in this upscale trailer is not the lounge area or the master bedroom. Instead, it is a custom-designed £40,000 walk-in shower. The shower was reportedly made with recycled glass and took craftsmen two weeks to install (via The Sun). 

Continue Reading

Cars

Here’s The Easiest Way To Scan Your Android Phone For Viruses

Published

on

There’s a common misconception about smartphones, and it’s a dangerous one: many people believe they don’t need to worry about viruses, spyware, and malware when they’re using a phone. If only that were true! Unfortunately, there are tons of smartphone viruses out there, and it’s more important than ever to try to protect yourself. After all, it’s not uncommon for our phones to hold access to some of our most private data, including passwords, messages, and even bank accounts. If you want to stay safe, it’s a good idea to scan your phone with an antivirus app.

You might often hear about various computer hacks and exploits, but when it comes to smartphones, things are usually pretty quiet — but that’s not due to a lack of malicious software. According to AVTest, the number of Android malware is steadily growing. In 2021, the company registered 3.28 million instances of Android-specific malware, and there might very well be many more in reality. Even if you’re normally careful, it’s important to go the extra mile if you want to secure your phone alongside some of your most important data.

Remember that even phones that come with various protective measures from the get-go, such as the Samsung Galaxy handsets, can become compromised. If you already have an antivirus app on your phone, make sure to use it regularly. However, if you don’t or you do but you’re looking to switch to something else, read on to see some of the options available.

Popular antivirus apps for Android

Much like there are plenty of viruses that affect Android phones, there are also lots of antivirus apps that might seem great at first glance. However, upon closer inspection, some of them are riddled with ads and don’t actually do much to help you stay protected. When you search for the right app to suit your needs, some of them will be free and some will require an upfront payment or a monthly subscription. Here are some of the most popular options (based on download numbers and ratings) for you to explore.

  • BitDefender for Android: You can use the free version of this app that will passively protect your phone as well as allow scanning for viruses, but you can also pay to use the full-fledged version that expands the security and adds VPN access.
  • Avast One Essential: Avast is a well-known antivirus company in the PC space, but it also has a popular Android app. You can use the app for free to receive virus protection and a small amount of VPN bandwidth, but there’s a premium option too — and, unfortunately, the app will constantly remind you of that fact.
  • Norton 360: This is yet another PC giant that made its way to Android. Norton doesn’t offer a free version of its app, but if you’re willing to pay for it, you will get a number of features, including an ad blocker and a Wi-Fi analysis tool. The app costs $14.99 per year for the first year and then goes up to $30 per year.
  • Kaspersky for Android: This is a solid antivirus option even if you use the free version, but unfortunately, you only get real-time protection if you pay $15 per year for the premium version.

Pick the app that best suits your needs, download it from the Google Play Store, and install it onto your Android smartphone or tablet.

How to use antivirus software on Android

Each of the apps mentioned above should provide you with enough protection to not have to worry about Android viruses too much. Whether you chose a paid or a free version, you will have access to a tool that will scan your phone for malicious software. You should do this periodically. Doing so every couple of weeks is a safe approach, especially if you use your phone often. Make it a habit to always run a scan if you accidentally find yourself clicking a link that doesn’t seem all too trustworthy, too. We’ll now give you a quick rundown of what to do with your new antivirus app.

  1. Pick your app and install it through the Google Play Store. 
  2. You will most likely have to register an account to use the app.
  3. If you are picking a paid option, pay for your chosen service.
  4. Each of the apps will offer to scan your phone as the first step after set-up. This will check all of the apps on your phone and your storage for viruses.
  5. Once the scan is concluded, you can review the results. If any viruses were found, you’ll be told where they were. Remove all of them through the app.
  6. Go into the app settings and look for options to set up regular scanning. Depending on the app, you may also be offered real-time protection, which will run in the background as you use your phone.

Make sure to repeat these scans every so often. After you’ve had the chance to familiarize yourself with the free version of the antivirus product, you might want to consider upgrading. In the case of BitDefender and Avast, it’s most likely going to be worth it — especially if you want to regularly use a VPN and don’t already subscribe to one.

Continue Reading

Trending