Red Balloon Security has found a high-risk flaw in Cisco’s secure boot process which affects a broad range of Cisco products including routers, switches and firewalls. Codenamed Thrangrycat, the flaw is caused by a string of hardware design faults within Cisco’s Trust Anchor module. Cisco Trust Anchor module, introduced in Continue Reading
Cisco issued a security advisory for a bypass a critical susceptibility in its REST API of Cisco Elastic Services Controller. The company said that the fault, CVE-2019-1867, could permit an unverified, remote invader to avoid verification on the REST API. The issue is triggered by an inappropriate authentication of API Continue Reading
Cisco’s Talos security researchers have found that Alpine Linux Docker images have been sent with a NULL password for the root user, for the last three years. As part of a reversion introduced in December 2015, the hard-coded credentials were included in the Official Alpine Linux Docker images since v3.3. Continue Reading
As part of its May Android Security Bulletin, technology behemoth Google patched four remote code-execution (RCE) faults. Responsible for essential apps such as the dialer, email and camera, three of the serious viruses are tied to the System portion of the Android platform architecture. A fourth critical RCE bug is Continue Reading
Purportedly developed by the National Security Agency (NSA), at least one APT was using hacking tools long before the Shadow Brokers released the notorious trove of U.S. cyberweapons, according to new analysis. Active since 2010, the Buckeye threat group is credited by experts for running Operation Clandestine Fox, Operation Clandestine Wolf, Continue Reading
By