Friday, June 26, 2015

Cisco miss a default SSH key ... again!

Cisco warns of a serious security problem on their IronPort devices: someone could get full access to them because they use SSH keys by default. The news, which is already worrying because the high number of these devices, especially when we recall that a year ago, Cisco had the same problem. We will take a closer look to it, as well as to the theft of data from Expedia customers, the judgement  of a cybercriminal  and yet another study on cybersecurity awareness by senior managers.

IronPort is a "gateway" of Cisco used in companies and other entities to control and protection of email  and webs with the objective of greater network security. But this safety is compromised just because Cisco has found that all the IronPorts use the same default SSH password. This means that if an attacker get this key, he could have opened the door to all devices. Cisco offers a patch amid the laughter of the community, as it is already the second time that happens the same with one of its products

People from Expedia are experiencing problems too. This popular online travel agency has warned its customers about the possibility of receiving fraudulent mail or SMS messages asking their cards data on behalf of Expedia. It seems that some have received  them after someone accessed a database with names, phone numbers, email addresses, travel and customer information in Expedia. According to the company, the problem has not been a security breach in their systems but in an agency linked to it.

Five years in prison for the creator of Blackshades

We stop talking about problems to focus on solutions. We do not know if a good solution is to put people in prison, but for now we have no other option. If yesterday we knew FBI had arrested the Turkish Findikoglu Ercan, 33, the cybercriminal world's most wanted for millionaires robberies to credit cards, now they tell us that the Swedish Alex Yucel, creator of Remote Access Trojan (RAT) Blackshades, has been sentenced to five years in prison.

Managers do not feel cybersafe

We ended up with one survey of senior managers to know their level of awareness about cybersecurity. 66% of them believe their companies are unprepared against a cyber attack and only 4% feel totally safe. And about what makes them feel more afraid on a computer attack, the two major concerns are the impact on their reputation and intellectual property theft.

One more survey for managers says nothing new but it makes us realize  that in recent years has increased the "pressing" to be cognizant of cyber risks. Feel good about it!


Post a Comment