InfoSec News Highlights - Cisco Layoffs, Locky Ransomware, and Cisco and Fortigate Shadowbroker Exploits
Well, the “shortage” of IT and InfoSec professionals may have just been solved by Cisco. Yesterday Cisco announced it is planning to cut 5,500 jobs from its workforce. The layoffs will supposedly allow the company to invest in key priorities such as security, IoT, collaboration, next generation data center and cloud.
More developments out of The Shadow Brokers dump of the NSA exploits. While researchers are pretty confident that the dump is from 2013, it appears that it does still contain zero-days. Both Cisco and Fortigate have confirmed that there are real exploits against their platforms in the dump. Cisco identified two exploits in the dump, EPICBANANA and EXTRABACON, that can allow remote code execution against its firewall products. The vulnerability exploited by EPICBANANA has been patched, but there is currently no fix for the vulnerability exploited by EXTRABACON. Now, the attacker must know the SNMP community string to successfully use EXTRABACON, but honestly, how many are “public” or very easily guessable? I would expect to see a huge spike in attacks using EXTRABACON in the coming days. Cisco has now released Snort rules to detect EXTRABACON. Fortigate is faring a little better. The EGREGIOUSBLUNDER exploit only impacts Fortigate firmware versions 4.x and lower, released before Aug 2012. Firmware 5.x is not affected. There are other exploits for Watchguard and TOPSEC products. While those companies have not released any information, I would not be surprised if there are zero-days against these platforms in the dump.