That mega-vulnerability Cisco dropped is now under exploit

Hackers are actively trying to exploit a high-severity vulnerability in widely used Cisco networking software that can give complete control over protected networks and access to all traffic passing over them, the company has warned.

When Cisco officials disclosed the bug last week in a range of Adaptive Security Appliance products, they said they had no evidence anyone was actively exploiting it. Earlier this week, the officials updated their advisory to indicate that was no longer the case.

“The Cisco Product Security Incident Response Team (PSIRT) is aware of public knowledge of the vulnerability that is described in this advisory,” the officials wrote. “Cisco PSIRT is aware of attempted malicious use of the vulnerability described in this advisory.”


Businesses with Apple and Cisco products may now pay less for cybersecurity insurance

Apple and Cisco announced this morning a new deal with insurer Allianz that will allow businesses with their technology products to receive better terms on their cyber insurance coverage, including lower deductibles – or even no deductibles, in some cases. Allianz said it made the decision to offer these better terms after evaluating the technical foundation of Apple and…

Apple Partners With Cisco and Others to Make Businesses ‘More Resilient’ With Cyber Risk Management Solution

Apple today announced a new cyber risk management solution aimed at the enterprise market and launching with partners Cisco, Aon, and Allianz. Each company is adding their own expertise into the solution, including cyber resilience evaluation services from Aon, the “most secure” technology from Apple and Cisco, and options for enhanced cyber insurance coverage from Allianz.



The stated goal is to help businesses better manage and protect themselves against the risk of cyber attacks, such as ransomware and other malware-related threats. In the announcement, Apple said that the “low adoption” of cyber insurance amid an increased risk of attacks led to the new partnership, which ultimately aims to help businesses become “more resilient” to these threats.



Businesses taking part in the solution will potentially qualify for lower, “or even no,” deductibles in some cases, as well as gain access to “market leading” policy coverage terms. The key elements of the solution include:

Cyber Resilience Evaluation: Aon cyber security professionals will assess interested customers’ cyber security posture and recommend ways to help improve their cyber security defenses.

Cyber Insurance: Customers using Cisco Ransomware Defense, and/or qualified Apple products can be eligible for the Allianz-developed enhanced cyber insurance offering, acknowledging the superior level of security afforded to businesses by Cisco and Apple technology.

Incident Response Services: Organizations will have access to Cisco and Aon’s Incident Response teams in the event of a malware attack.

Apple CEO Tim Cook said that the partnership will help make cyber insurance “more accessible” for the businesses that partake in the solution. In total, Apple’s iPhone, iPad, and Mac devices are said to be the tools supported under the new insurance.

“The choice of technology providers plays a critical role in any company’s defense against cyber attacks. That’s why, from the beginning, Apple has built products from the ground up with security in mind, and one of the many reasons why businesses around the world are choosing our products to power their enterprise,” said Tim Cook, Apple’s CEO.

“iPhone, iPad and Mac are the best tools for work, offering the world’s best user experience and the strongest security. We’re thrilled that insurance industry leaders recognize that Apple products provide superior cyber protection, and that we have the opportunity to help make enhanced cyber insurance more accessible to our customers.”

Cisco has launched a new website with more information about the cyber risk solution. For interested businesses, Apple said that the solution is available starting today.


Cisco drops a mega-vulnerability alert for VPN devices

On January 29, Cisco released a high-urgency security alert for customers using network security devices and software that support virtual private network connections to corporate networks. Firewalls, security appliances, and other devices configured with WebVPN clientless VPN software are vulnerable to a Web-based network attack that could bypass the devices’ security, allowing an attacker to run commands on the devices and gain full control of them. This would give attackers unfettered access to protected networks or cause the hardware to reset. The vulnerability has been given a Common Vulnerability Scoring System rating of Critical, with a score of 10—the highest possible on the CVSS scale.

WebVPN allows someone outside of a corporate network to connect to the corporate intranet and other network resources from within a secure browser session. Since it requires no client software or pre-existing certificate to access from the Internet, the WebVPN gateway can be generally reached from anywhere on the Internet—and as a result, it can be programmatically attacked. A spokesperson for the Cisco security team said in the alert that Cisco is not aware of any active exploits of the vulnerability right now. But the nature of the vulnerability is already publicly known, so exploits are nearly certain to emerge quickly.

The vulnerability, discovered by Cedric Halbronn of the NCC Group, makes it possible for an attacker to use multiple, specially formatted XML messages submitted to the WebVPN interface of a targeted device in an attempt to “double-free” memory on the system. Executing a command to free a specific memory address more than once can cause memory leakage that allows an attacker to write commands or other data into blocks of the system’s memory. By doing so, the attacker could potentially cause the system to execute commands or could corrupt the memory of the system and cause a crash.


Voice interfaces beginning to find their way into business

Imagine attending a business meeting with an Amazon Echo (or any voice-driven device) sitting on the conference table. A question arises about the month’s sales numbers in the Southeast region. Instead of opening a laptop, opening a program like Excel and finding the numbers, you simply ask the device and get the answer instantly. That kind of scenario is increasingly becoming a…

Cisco Spark Assistant bringing voice commands to meeting hardware

Anyone who has used modern meeting software knows it’s still fraught with challenges trying to get everyone into the meeting, futzing with the hardware or software and smoothly integrating external documents like PowerPoint presentations. Cisco is trying to improve and simplify the meeting experience with voice commands, and today it introduced Cisco Spark Assistant, a voice…

Google and Cisco announce hybrid cloud partnership

Google and Cisco today announced a new partnership around helping their customers build more efficient hybrid cloud solutions. Unsurprisingly, given Google’s recent focus, this partnership centers around the Google-incubated Kubernetes container orchestration tool, as well as the Istio service mesh for connecting and securing microservices across clouds. “Google Cloud and Cisco…

Crunch Report | Cisco Buys BroadSoft for $1.9 Billion

Today’s Stories

Cisco scoops up BroadSoft for $1.9 billion to boost communications tools portfolio
WeWork acquires Flatiron School
Essential Phone gets a $200 price drop, existing customers get credit

Credits

Written by: Tito Hamze
Hosted by: Tito Hamze
Filmed by: Tito Hamze
Edited by: Chris Gates

Notes: I don’t know what to wear on Crunch Report (It’s a hard decision and…