The vulnerability is due to bad handling of LDAP responses when the latter is being used for External Authentication. The bad actor can run the exploit by creating a crafted HTTP requests effectively bypassing authentication and getting administrative privileged access to the Web GUI.
Microsoft RDP protocol is one of the main focuses of bad actors in these days. There are reports for numerous successful breaches in small and medium sized organizations with heavy use of RDP from outside.
The vulnerability is based on the SIP inspection code that handles SIP signaling packets.
On the 29th of March a company that deals with security in embedded devices, called Embedi published their discovery about a critical vulnerability in most Cisco Switch devices (both running IOS and XE).
In the last months and years we have seen multiple DDoS attacks based on amplification techniques (DNS, NTP, Chargen, SSDP)
As you probably know the Equifax (one of the three big credit bureaus in North America and UK) announced it was breached (discovered unauthorized access) on the 29th of July. So far, the predictions are that this leak of sensitive personal data impacts over 143 Million American, Canadian and British citizens.
Cisco currently has multiple endpoint security solutions in place – CWS (Cloud Web Security / Scansafe), Umbrella (OpenDNS) and AMP for endpoints are prime examples. AMP is a different breed of endpoint protection, it relies heavily on detection based on heuristics and cloud sandboxing, where as CWS and OpenDNS both concentrate very strongly on making sure your Internet browsing is secure and save.
Virtual Private Networks constitute a hot topic in networking because they provide low cost and secure communications between sites (site-to-site VPNs) whilst improving productivity by extending corporate networks to remote users (remote access VPNs). Naturally the VPN technology is widely deployed on all internet edge devices and most ASAs.
Cisco has finally decided to merge its two major network security products – the ASA and FirePOWER. These two have been living on the same hardware (5500X) model for years now but they required separate management which increased the deployment and operational costs for a Cisco FirePOWER implementation.
SHA-1 is dead, from a security point of view, but has been a long time coming. A combined research collaboration between CWI and Google, published a paper on 23th of February 2017 that proved deliberate collisions can be created for SHA-1 (Secure Hash Algorithm -1).
We are experiencing a new phase in our vision of network security. There is currently no quick fix solution, no 100% proof network security protection/prevention tool or product.
There is not a single industry anywhere in the world who are immune from the threat of some form of cyber-attack.
