Security News
A former Cisco Systems employee pleaded guilty this week to hacking into the networking company's cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Webex Teams is Cisco's collaboration application for enterprises.
Cisco Webex suffered from a vuln that could have allowed an attacker to access any account by simply copy-pasting a unique session token into a browser string. Once the token was extracted from the dump file, researchers were able to make a crafted HTTP POST request to Webex's servers, mimicking a genuine connection attempt, which returned a one-time login ticket for live meetings.
Cisco is warning of three high-severity flaws in its popular Webex web conferencing app, including one that could allow an unauthenticated attacker to remotely execute code on impacted systems. "An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site," according to Cisco's security update.
Cisco announced this week that it has added new security features to Webex and that it has also patched several high-severity vulnerabilities in the conferencing product. At its Cisco Live 2020 event, the networking giant informed customers that it has extended its data loss prevention retention, Legal Hold and eDiscovery features to Webex Meetings.
Cisco has released security updates for Cisco Webex Meetings and Cisco Webex Meetings Server that fix several remotely exploitable vulnerabilities, as well as one less severe one that could allow hackers to gain access to a target's Webex account. CVE-2020-3361 affects Cisco Webex Meetings sites and Cisco Webex Meetings Server and could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.
In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.
Web shell malware continues to evade many security toolsCyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. Phishers exploit Zoom, Webex brands to target businessesProofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco.
Proofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco. "Not only are attackers using video conferencing brands as a lure for malware, but they're using it for credential phishing, in particular to steal Zoom and Webex credentials."
An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex.
Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed. The five CVE-listed bugs are down to what Cisco calls "Insufficient input validation," and the avenues to exploit it range from SQL to HTTP requests.