Announcement

Collapse
No announcement yet.

Cisco Nightmare

Collapse
X
Collapse
  •  

  • Cisco Nightmare

    Automation Friends,

    Please take a moment and insure that your Cisco equipment is secured. There is information that has been published on Reddit, Twitter and Medium that give step by step methodology for hacking this equipment. The information release is for Pentesting but could be used against network owners that are not aware or current.

    Recommendations:

    1) Make sure you are not operating using default configuration.
    2) Insure that responsible security network engineers are aware in contracted environments.
    3) Stay vigilant.

    Lee

    • Pete Diffley
      #1
      Pete Diffley commented
      Editing a comment
      Thanks for the excellent advice Lee Kibler. It is so important with all the information out there that IT/OT administrators are extremely aware of the ongoing threats that face us in the world of critical infrastructure. Thank you again.
    Posting comments is disabled.

Article Tags

Collapse

Latest Articles

Collapse

  • Cisco Nightmare
    by Lee Kibler
    Automation Friends,

    Please take a moment and insure that your Cisco equipment is secured. There is information that has been published on Reddit, Twitter and Medium that give step by step methodology for hacking this equipment. The information release is for Pentesting but could be used against network owners that are not aware or current.

    Recommendations:

    1) Make sure you are not operating using default configuration.
    2) Insure that responsible...
    September 26, 2022, 10:39 AM
  • PWN2OWN Miami 2022 Results
    by [email protected]
    An Event, Pwn2Own Miami 2022 has wrapped up, and it was an amazing three days of competition. The Event, run by The Zero Day Initiative (ZDI) pitches researchers against Critical Infrastructure Software and Control Systems to try and find vulnerabilities in real-time on a stage. In total, $400,000 was awards for 26 unique 0-day Exploits (plus a few bug collisions).

    A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit
    ...
    May 19, 2022, 12:47 PM
  • Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems
    by [email protected]
    The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.

    Recently, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI jointly released an advisory about a new hacker toolset potentially capable of meddling with a wide range of industrial control system equipment. More than any previous industrial control system hacking toolkit, the malware...
    April 28, 2022, 12:22 PM
  • Upskill ICS/OT Cybersecurity in an IT world with Splunk’s BOTS Virtual Challenge
    by [email protected]
    Dragos and Splunk have released the latest Boss of the SOC (BOTS), “1UP Your ICS/OT Cybersecurity Team,” a virtual industrial control system (ICS) and operational technology (OT) challenge developed to provide a fun and engaging way cybersecurity teams can enhance their capabilities.

    What kind of challenge is Boss of the SOC? BOTS is a blue-team capture-the-flag (CTF) activity where participants use Splunk’s BOTS platform to answer questions about cybersecurity incidents that have...
    April 08, 2022, 07:26 AM
  • The Log4J Vulnerability Will Haunt the Internet for Years
    by [email protected]
    A vulnerability in the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world's most popular applications and services to attack, and the outlook hasn't improved since the vulnerability came to light on Thursday. If anything, it's now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come.

    Lily Hay Newman discusses...
    December 16, 2021, 12:25 PM
  • When random isn't random... Check your numbers!
    by Pete Diffley
    Courtesy of TheHackerNews.com

    This is a very interesting article on how a critical vulnerability in random number generators used in billions of IoT devices could be used to influence what numbers they output.

    "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week. "In fact, in many cases, devices are choosing...
    Billions of IoT devices are affected by a critical flaw in the hardware random number generators.
    August 12, 2021, 06:37 PM
Working...
X