
Tag: IPV6

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE...

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system ...

Cisco TelePresence ICMP Denial of Service Vulnerability

A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting i...

Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficie...

Majority of Android VPNs can’t be trusted to make users more...

Study of nearly 300 apps finds shocking omissions, including a failure to encrypt.

Researchers ID Decades-Old 'Fruitfly' Mac Malware

It uses antiquated code, possibly to decrease chances of detection. A rare strain of malware known as "Fruitfly" appears to have been lurking in the dusty corners of macOS for years, taking advantage of vulnerabilities in code that hasn't been update...

Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service...

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a ...

Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability

A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Uni...

Irish eyes are crying: Tens of thousands of broadband modems wide...

D1000 can be directed to drop its firewall, allowing access to the admin panel over the internet

Eir, Ireland's largest ISP, has tens of thousands of customers with insecure ADSL2+ modems that appear to be vulnerable to remote takeover. Earlier this month, a security researcher writing under the name "kenzo" posted a proof-of-concept exploit that demonstrates how an attacker might take control of an Eir D1000 modem. The ZyXEL-built Eir D1000 [PDF] comes with an open TCP port, 7547, which is used by the CPE WAN Management Protocol to manage the modems on Eir's network.

According to kenzo, the modem includes a TR-064 server for LAN-based configuration, to allow ISPs to set up software on the device. It's not supposed to be accessible from the internet, but apparently it is. TR-064 commands can be used, among other things, to fetch Wi-Fi security keys and to set up an NTP server that disables the modem firewall, thereby opening the administration interface on port 80. "By sending certain TR-064 commands, we can instruct the modem to open port 80 on the firewall," kenzo's post says. "This allows access to the web administration interface from the Internet-facing side of the modem. The default login password for the D1000 is the Wi-Fi password. This is easily obtained with another TR-064 command."

A compromised modem could be used to attack other devices on the network or as part of a botnet. Last week, posting under the Twitter handle "Bobby 'Tables", Darren Martyn, a security researcher with Insecurity.net and former LulzSec hacker, appeared to confirm the vulnerability. A search [login required] using the Shodan vulnerability search engine suggests there are presently 63,828 vulnerable devices in Ireland, 62,251 of which are associated with Eir. This is down from about 100,000 previously, according to kenzo. The Register sent inquiries to Eir but has not heard back.

According to kenzo, two other Eir modems are vulnerable to the "Misfortune Cookie" vulnerability (CVE-2014-9222), ZyXEL models P-660HN-T1A_IPv6 and P-660HW-T1. kenzo observes that back when Eir went by Eircom, the company used Netopia modems that blocked port 7547 except for IP addresses assigned to its own management servers. Had the company done so for its D1000, the vulnerabilities would not have been exploitable.

Networks Getting Younger As Organisations Start To Embrace Workplace Mobility, IoT,...

The number of enterprises with at least one security vulnerability is the highest in five years

London, UK - 9 November 2016 - Enterprises across the globe are refreshing their network equipment earlier in its lifecycle in a move to embrace workplace mobility, Internet of Things, and software-defined networking strategies.
In addition, their equipment refresh is more strategic, with architectural vision in mind.

But despite the higher refresh rate, networks are getting less secure, largely due to neglected patching.

These are some of the highlights in the annual Network Barometer Report today by Dimension Data.

First published in 2009, the 2016 Network Barometer Report was compiled from data gathered from 300,000 service incidents logged for client networks that Dimension Data supports.

Dimension Data also carried out 320 technology lifecycle management assessments covering 97,000 network devices in organisations of all sizes and all industry sectors across 28 countries.

Andre van Schalkwyk, Senior Practice Manager Network Consulting, Dimension Data said, “Since 2010, networks had been ageing.

This year’s Report reverses that trend, and for the first time in five years, we’re seeing networks age more slowly.

“Ageing networks are not necessarily a bad thing: companies just need to understand the implications.

They require a different support construct, with gradually increasing support costs. On the other hand, this also means that organisations can delay refresh costs,” says van Schalkwyk, and points out that ageing networks are unlikely to support initiatives such as software-defined networking and automation, or handle traffic volumes necessary for collaboration or cloud.

According to the Report, in Europe, Asia-Pacific, and Australia enterprises’ network age reduced in line with the global average, while in the Americas, the number of ageing and obsolete devices decreased much faster, from 60% in the 2015 Report to 29% in the 2016 Report.

This can be attributed to the release of pent-up spend following four years of financial constraint.
Van Schalkwyk said clients in the Americas appear to be refreshing networks with the new generation of programmable infrastructure.
In Asia-Pacific and Australia, equipment refresh occurred as part of data centre network redesigns.

In contrast to the global trend, in Middle East and Africa, the network age increased, possibly the result of economic uncertainty, particularly in South Africa.

Meanwhile, of the 97,000 network devices that Dimension Data discovered, the number of devices that have at least one known security vulnerability [1] increased from 60% in the 2015 Report to 76% in the 2016 Report – the highest figure in five years.

In Europe the rise in network vulnerabilities has been very steep over the last three years, hiking from 26% in 2014 to 51% in 2015 and to 82% in the 2016 Report. Network vulnerability has also risen in organisations in the Middle East and Africa over the last three years.
In Australia, 87% of network devices have at least one known vulnerability.
In Asia-Pacific and the Americas, networks are slightly less vulnerable - respectively 49% and 66%, compared to 61% and 73% in the previous edition.

Other highlights in the 2016 Network Barometer Report include:

  • The percentage of devices supporting IPv6 rose steeply from 21% last year to 41% this year, due to the increase in current devices in networks. This allows organisations with newer networks to support their digitisation strategies by enabling connectivity for the Internet of Things, big data, analytics, and containerisation.
  • Software-defined networking is coming soon, but not just yet. While there is market interest in software-defined networks, it’s early in the adoption cycle and today, few organisational networks are capable of supporting a software-defined approach. In 2015 less than 0.4% of devices could support software-defined WAN and only 1.3% of data centre switches were SDN-ready.
  • Incident response is 69% faster, and repair time 32% faster, on networks monitored by Dimension Data. These numbers reduce by a further 55% and 36% respectively when combined with Dimension Data’s service desk integration.
  • 37% of incidents are caused by configuration or human error, which can be avoided with proper monitoring, configuration management, and automation.

[1] A security advisory is a notice issued by a manufacturer that they are aware of a security vulnerability on one of their products.


About Dimension Data
Dimension Data uses the power of technology to help organisations achieve great things in the digital era.

As a member of the NTT Group, we accelerate our clients’ ambitions through digital infrastructure, hybrid cloud, workspaces for tomorrow, and cybersecurity. With a turnover of USD 7.5 billion, offices in 58 countries, and 31,000 employees, we deliver wherever our clients are, at every stage of their technology journey. We’re proud to be the Official Technology Partner of Amaury Sport Organisation, which owns the Tour de France, and the title partner of the cycling team, Team Dimension Data for Qhubeka.
Visit us at http://www.dimensiondata.com

For more information
Charlotte Martin / Jonathan Mathias
Finn Partners
020 3217 7060
DimensionData@finnpartners.com

RHBA-2016:2673-1: qemu-kvm-rhev bug fix and enhancement update

Updated qemu-kvm-rhev packages that fix several bugs and add various enhancements are now available for Red Hat Virtualization Hypervisor 7. Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.

Th...

New, more-powerful IoT botnet infects 3,500 devices in 5 days

There's a new, more powerful Internet-of-things botnet in town, and it has managed to infect almost 3,500 devices in just five days, according to a recently published report. Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages.

Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network.

As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices. Linux/IRCTelnet also borrows telnet-scanning logic from a newer IoT bot known as Bashlight.
It further lifts a list of some 60 widely used username-password combinations built into Mirai, a different IoT bot app whose source code was recently published on the Internet.
It goes on to add code for attacking sites that run the next-generation Internet protocol known as IPv6. The best-of-breed approach "is driving a high infection speed of Linux/IRCTelnet (new Aidra) so it can [infect] almost 3,500 bot clients within only five days from the moment its loader was first detected," a researcher who goes by the handle Unixfreakjp wrote in a blog post reporting on the new malware. "To incarnate a legendary botnet code into a new version that can [target] the recent vulnerable threat landscape is really inviting more bad news."

Like most IoT bots, Linux/IRCTelnet doesn't have what malware experts refer to as persistence.

That means that compromised devices are disinfected as soon as they're restarted.
Still, unless the rebooted devices are properly secured, by, for instance, changing the default login credentials or disabling telnet connections, they are likely to be infected all over again. Once a device is infected, its IP address is stored so the botnet operator can re-infect it if it suddenly loses contact with the command and control channel. A recent volley of DDoS attacks launched from infected IoT devices has opened a troubling chapter for the Internet because the assaults are capable of delivering malicious data in volumes that were almost unimaginable just a few years ago. Linux/IRCTelnet is likely only the beginning of what could be a long line of next-generation malware that steadily improves its capabilities.

The proliferation of Internet-connected devices that by default are defenseless against these threats is bad news, indeed.

Hackers Release New Malware Into The Wild For Mirai Botnet Successor

Symantec A group of cyberattackers has created a new strain of malware dedicated to transforming vulnerable IoT devices into slave components for DDoS attacks. The new malware, dubbed Linux/IRCTelnet, was discovered by researchers who posted an analysi...