Cisco, the networking giant has said that they are becoming victims of hackers using the leaked NSA tools from a while back.
The tools were released in August by ShadowBrokers and were confirmed to be the real deal by the Equation Group; which was found to have very long standing ties to the NSA. This is the second public vulnerability since the data dump Cisco suffered at the hands of unknown hackers. Cisco said that it has already fixed the flaw in its SNMP implementation in its ASA firewalls.
Cisco warned customers that all versions of its IOS, IOS XE and IOS SX are vulnerable to one of the many exploits released in August. Cisco didn’t reveal which of its customers have already been breached, but it’s likely that since the issue effects firewalls, routers and switches made by the firm, there are some that have been some.
“The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests,” Cisco said in a blog post.
While Cisco’s Incident Response Team is aware of the exploitation of vulnerabilities to customers running the faulty platforms, they haven’t developed a patch. They have released IPS signatures and Snort rules to moderate the risks to its customers.
The new exploit was named BENIGNCERTAIN and its made up of three binary codes. Each code can be exploited to obtain RSA private key data and VPN configurations details if exploited.
Chief evangelist with GRC Apps company MetricStream, French Caldwell, issued warning to other spy agencies.
“If the NSA was hacked, the chances that they too have been targeted are certainly more than 50-50,” he warned.
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.
TRON ended November as the top blockchain by fees, extending its dominance in payment infrastructure…
Prediction markets just locked in another breakout month. November closed with $14.3 billion in total…
Trust Wallet is stepping into a completely new lane. The CZ-owned self-custody wallet has launched…
Kraken has announced the acquisition of Backed, the tokenization platform behind some of the fastest-growing…
Sui Pauses & AVAX Rebounds While Zero Knowledge Proof’s 200M Daily Presale Auction Goes Live,…
Europe just shut down one of crypto’s longest-running shadows. Germany and Switzerland, backed by Europol,…