Cisco VoIP adapters have critical security flaws - PressFrom - US

02:05  19 november  2019

While setting up a VoIP service in their home, security researchers at Tenable Research discovered a total of 19 vulnerabilities in VoIP adapters from Cisco's SPA100 Series.

If exploited, these vulnerabilities could allow an attacker to eavesdrop on a user's conversations, initiate fraudulent phone calls and even pivot further into their internal network.

Security researchers Andrew Orr and Alex Weber purchased Cisco's SPA112 and SPA122 Analog Telephone Adapters (ATAs), which connect a landline phone to a VoIP network. The two became curious about the security of these devices, which have a large attack surface, and began running tests to see whether any vulnerabilities were present in their recently purchased hardware.

Upon further inspection, they found that exploiting the flaws in Cisco's devices would allow a cybercriminal to completely compromise the web interface of the adapters as well as the underlying operating system.

Cisco VoIP adapters

According to a blog post published by the security researchers, the flaws they discovered would enable an attacker to steal credentials, create superusers with full privileges and execute arbitrary code. They also explained how they were able to achieve privilege escalation on Cisco's VoIP adapters, saying:

“We were able to take the lower-privilege “cisco” user, leak the “admin” user’s password hash and then “pass-the-hash” to elevate our privileges. Separately, we were able to use an arbitrary file read to defeat ASLR, and then exploit a stack overflow to achieve code execution as root.”

Tenable Research informed Cisco PSIRT of the 19 vulnerabilities it discovered, which are covered across seven Cisco security advisories, and the networking giant has since addressed these flaws with a new 1.4.1 SR5 firmware release for its SPA 100 series devices.

Using Shodan, the security researchers were able to identify a total of 3,662 potentially vulnerable devices. If you're using a Cisco SPA 100 series VoIP adapter, it is highly recommended that you update to the latest firmware before these flaws are exploited in the wild.
