Summary The Cyber Fusion Center has learned of malicious, seemly automated, exploitation of recent Cisco IOS and Cisco IOS XE critical vulnerabilities (CVE-2018-0171 & CVE-2018-0156)
Author: Francisco Donoso
Francisco Donoso leads the Managed Security Services Architecture team here at Kudelski Security.
CVE-2018-010 – Cisco Updates Advisory Regarding Critical Remote Code Execution and Denial of Service Vulnerabilities in ASA and FTD software
Summary On February 5th, 2018 Cisco updated an existing vulnerability advisory for CVE-2018-010 due to newly discovered attack vectors and because the original software fix
Meltdown & Spectre Attacks on CPU Flaws
Summary On January 3rd 2018, several hardware flaws affecting modern processors were publicly disclosed by security researchers. These flaws are exploitable by attacks nicknamed “Meltdown”
Key Reinstallation Attacks (KRACK) affecting WPA Protocol – Advisory
Summary On October 16th, several vulnerabilities affecting the Wi-Fi Protected Access II (WPA2) protocol were disclosed by security researchers in coordination with the U.S CERT.
Security Advisory: CCleaner Modified by Sophisticated Attacker to Deliver Malicious Code
Piriform’s CCleaner modified to deliver malicious backdoor Summary On September 18, 2017, CCleaner’s developer, Piriform, announced that recent versions of the CCleaner and CCleaner Cloud
The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1
Since the April 14th leak of the Equation Group’s hacking tools, I have been busy testing (and decompiling / reversing) the tools, understanding and documenting
