Security Alerts & News
by Tymoteusz A. Góral

History
#1529 Cisco warns of critical flaw in email security appliances
Cisco Systems released a critical security bulletin for a vulnerability that allows remote unauthenticated users to gain complete control of its email security appliances. The vulnerability is tied to Cisco’s IronPort AsyncOS operating system.

isco first issued a security bulletin last week for the IronPort AsyncOS, but on Wednesday updated that alert with more information including a software update that addresses the security flaw. Cisco also indicated a workaround exists that can halt remote access to affected email appliances.

Cisco says the vulnerability (CVE-2016-6406) is tied to the presence of the company’s own internal testing and debugging interface; accessible on the IronPort AsyncOS operating system. “An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges,” Cisco explains.
Read more
#1529 Cisco warns of critical flaw in email security appliances
#1528 The psychological reasons behind risky password practices
#1527 Backdoored DLink router should be trashed, researcher says
#1526 ‘Money Mule’ gangs turn to Bitcoin ATMs
#1525 Data breach statistics 2016: First half results are in
#1524 Meet Apache Spot, a new open source project for cybersecurity
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12