Security News
Sudhish Kasaba Ramesh, a former Cisco engineer, was sentenced on Wednesday to two years in prison and ordered to pay a $15,000 fine for shutting down more than 16,000 WebEx Teams accounts and over 450 virtual machines in 2018,. "[D]uring his unauthorized access he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco's WebEx Teams application, which provides video meetings, video messaging, file sharing, and other collaboration tools," a Department of Justice press release says.
Sudhish Kasaba Ramesh, a former Cisco engineer, was sentenced on Wednesday to two years in prison and ordered to pay a $15,000 fine for shutting down more than 16,000 WebEx Teams accounts and over 450 virtual machines in 2018,. "[D]uring his unauthorized access he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco's WebEx Teams application, which provides video meetings, video messaging, file sharing, and other collaboration tools," a Department of Justice press release says.
A previous patch for Cisco's Jabber chat product did not in fact fix four vulnerabilities - including one remote code execution flaw that would allow malicious people to hijack targeted devices by sending a carefully crafted message. Watchcom added: "The patch released in September only patched the specific injection points that Watchcom had identified. The underlying issue was not addressed. We were therefore able to find new injection points that could be used to exploit the vulnerabilities."
The bug impacts Cisco Jabber for Windows, Jabber for MacOS and the Jabber for mobile platforms. The most serious of the bugs, a cross-site scripting flaw, impacts Cisco Jabber for Windows and Cisco Jabber for MacOS. The flaw allow an authenticated, remote attacker to execute programs on a targeted system.
Cisco has addressed a new critical severity remote code execution vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September. Cisco released security updates in September to address a critical RCE security vulnerability tracked as CVE-2020-3495 stemming from a Cross-Site Scripting bug in Cisco Jabber.
Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The new flaws, which were uncovered after one of its clients requested a verification audit of the patch, affects all currently supported versions of the Cisco Jabber client.
If you would like to improve your chances of getting hired, "The 2021 All-In-One AWS, Cisco & CompTIA Super Certification Bundle" is worth your attention. This mammoth collection of courses helps you prepare for a long list of certification exams, including Amazon, Cisco, Google, Microsoft, and CompTIA. It delivers over 240 hours of content in total, worth over $4,300.
Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after successful exploitation. Cisco Security Manager helps manage security policies on a large assortment of Cisco security and network devices, and it also provides summarized reports and security event troubleshooting capabilities.
Join Webex meetings without appearing in the participant list. "These flaws affect both scheduled meetings with unique meeting URLs and Webex Personal Rooms. Personal rooms may be easier to exploit because they are often based on a predictable combination of the room owner's name and organization name. These technical vulnerabilities could be further exploited with a combination of social engineering, open source intelligence and cognitive overloading techniques."
Identified by IBM's security researchers, the Webex flaws could allow attackers to join meetings as ghosts, remain in the meeting as a ghost after being expelled, and access information on meeting attendees. Tracked as CVE-2020-3419, the first of the issues impacts both Webex Meetings and Webex Meetings Server and is the result of "Improper handling of authentication tokens by a vulnerable Webex site."