Vulnerabilities

sqlrob · October 12, 2023, 5:32pm

anon97585346 · October 17, 2023, 10:18pm

On Monday, Cisco reported that a critical zero-day vulnerability in devices running IOS XE software was being exploited by an unknown threat actor who was using it to backdoor vulnerable networks. Company researchers described the infections as a “cluster of activity.”

On Tuesday, researchers from security firm VulnCheck said that at last count, that cluster comprised more than 10,000 switches, routers, and other Cisco devices. All of them, VulnCheck said, have been infected by an implant that allows the threat actor to remotely execute commands that run at the deepest regions of hacked devices, specifically the system or iOS levels.

“Cisco buried the lede by not mentioning thousands of Internet-facing IOS XE systems have been implanted,” VulnCheck CTO Jacob Baines wrote. “VulnCheck scanned internet-facing Cisco IOS XE web interfaces and found thousands of implanted hosts. This is a bad situation, as privileged access on the IOS XE likely allows attackers to monitor network traffic, pivot into protected networks, and perform any number of man-in-the-middle attacks.”

anon97585346 · October 19, 2023, 12:26am

BakaNeko · October 22, 2023, 2:38am

LurksNoMore · October 22, 2023, 9:31am

Another reminder to always use a strong adblocker, everywhere. Including sites you like and trust, because they get their ads from Google, and there’s no telling what bullshit is hidden there.

The age of ad-funded internet is over.

sqlrob · October 24, 2023, 11:03pm

FGD135 · October 28, 2023, 10:41am

anon97585346 · October 29, 2023, 2:59am

KathyPartdeux · November 2, 2023, 11:54pm

teknocholer · November 3, 2023, 1:23pm

More info here.

BakaNeko · November 9, 2023, 5:40pm

KathyPartdeux · November 13, 2023, 2:34pm

FGD135 · November 14, 2023, 5:43am

KathyPartdeux · November 22, 2023, 3:38am

anon87143080 · November 22, 2023, 3:53am

Not to take away from the seriousness of GPS jamming but I don’t see how spoofing would corrupt the INS (not IRS as the article says). They’re passive systems and so Pilots can use them as reliable backup to GPS. Because every INS will drift over time it isn’t that unusual for pilots to get a reference from the ground to update the INS data and keep it accurate. Some military aircraft also support navigation via terrain matching.

KathyPartdeux · November 22, 2023, 4:00am

Nick Fury : Is the sun coming up? Carrier Bridge Tech : Yes, sir. Nick Fury : Then put it on the left . Get us over water.

Or break out the sextant?

anon87143080 · November 22, 2023, 4:02am

In truth, the C-130 still carries a sextant for navigation.

Simon_Clift · November 22, 2023, 1:16pm

That’s exactly what the navy does. We are one Carrington Event-level coronal mass ejection from being back to sextants, sunstones and lighthouses.

FGD135 · November 22, 2023, 2:22pm

Don’t break the sextant!

The chances of making it through a Carrington event without a total technology collapse actually aren’t that bad.

knoxblox · November 22, 2023, 4:19pm

Get Ready Prep GIF by CBS

Topic		Replies	Views
Lavabit Redux? links	5	1009	February 18, 2017
UK Snooper's Charter "would put an invisible landmine under every security researcher" boing	3	1115	November 16, 2015
Vulnerability in recorders used by 70+ CCTV systems has been known since 2014 boing	13	1698	March 29, 2016
Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network boing	19	2509	March 5, 2016
UK schools' "anti-radicalisation" software lets hackers spy on kids boing	11	2073	July 21, 2015

Related topics