virtual grind thoughts from the virtual world


Cisco Vulnerability – CVE-2016-1287

Recently, Cisco published an advisory highlighting a critical buffer overflow vulnerability that affects the ASA, ASAv, Firepower ASA, and ISA products. This vulnerability is remotely exploitable, and the SANS ISC is reporting large spikes in UDP 500 scanning.

The vulnerability affects many different ASA versions, and some older 8.x versions cannot be patched without a major version upgrade. This could be challenging for some organizations, since there are numerous operational changes within the ASA firmware, such as how the ASA deals with NAT. Fortunately, Stack8 has released a workaround for older versions if an organization cannot upgrade. This may also be a good idea for organizations that need time to plan their upgrade or wait for a change window.

I would urge all organizations to take this vulnerability very seriously and patch as soon as possible. I already see exploits in the wild that can do things like reboot the ASA, download/upload config, and also install an ASA rootkit.

For the technical readers, a full explanation of the vulnerability is here.


The Insecurity of Everything

As we all know, it is becoming standard to have every electronic device that you own connected to the Internet. In the past, we thought of our networking gear, servers, and workstations as our main points to protect from unwanted access and malicious code. As technology progresses, everything from your watch to home appliances is now connected to the Internet. This opens up a whole new attack vector.

I recently ran into an article by Proofpoint that outlines a recent hack that infected over 100,000 hosts to run a spam attack. The research shows that more than 25% of the devices used in the attacks were consumer-based products, even including a refrigerator! This is just one of many stories I hear, and I believe that we will start seeing a lot more of this.

Let's face it, security is not always the focus of non-security geeks. With more devices coming online, is there an industry for refrigerator security software, or maybe we will start seeing the old '90s hacking pranks start to surface again!

Link to Proofpoint article - Proofpoint Uncovers Internet of Things (IoT) Cyberattack
