Tag Archive for 2023

What’s Up with the Cisco XE Vulnerability

If you are using Cisco (CSCO) switches or routers that run IOS XE software, you may be at risk of a serious security breach. A vulnerability (CVE-2023-20198) affecting the web user interface (UI) of IOS XE software has been actively exploited by cyber threat actors to take control of affected devices. The vulnerability allows an attacker to send malicious HTTP requests to the web UI and execute arbitrary commands with elevated privileges.

What is the Cisco IOS XE Vulnerability?

The Cisco IOS XE vulnerability is a command injection vulnerability that affects the web UI feature of IOS XE software. CERT Orange Cyberdefense discovered more than 34,500 IOS XE IPs compromised by the maximum-severity (10/10) vulnerability. The web UI is a web-based management interface that allows users to configure and monitor Cisco devices through a web browser. Cisco’s web UI feature is enabled by default on the base image and can be enabled or disabled through the command-line interface (CLI).

The vulnerability exists because the web UI does not properly validate user input in HTTP requests. An attacker can exploit it by sending specially crafted HTTP requests to the web UI that contain malicious commands. These commands are then executed with root privileges on the underlying operating system, and root grants the attacker full control over the device.

The attacker does not need to authenticate to the web UI to exploit this vulnerability; all they need is network access to the web UI. This means that any device with the web UI exposed to the internet or to an untrusted network is vulnerable.

How Can This Vulnerability Impact Your Network?

The impact of this vulnerability depends on the role and configuration of the device in your network. An attacker who gains control of a Cisco device can use it to perform various malicious actions, such as:

  • Modify or delete the device configuration.
  • Install malware or backdoors on the device.
  • Redirect or intercept network traffic.
  • Launch attacks against other devices or networks.
  • Exfiltrate sensitive data from the device or network.

Depending on the device type and location, these actions can have serious consequences for your network. For example, an attacker who compromises a core switch or router can disrupt or manipulate the network traffic for a large segment of your network, affecting multiple services and users.

What Can You Do to Mitigate the Risk?

Cisco has released a patch for this vulnerability. However, Cisco has not yet patched some versions of IOS XE software. You can check whether your device is affected and whether a fixed version is available by visiting the Cisco Security Advisory page. If there is a fixed version for your device, apply it as soon as possible.

However, if there is no fixed version for your device yet, or if you cannot apply it immediately, you should take some additional steps to protect your network from this vulnerability. Here are some recommendations:

  • Disable the web UI feature on your device if you do not need it. You can do this by using the `no ip http server` and `no ip http secure-server` commands in the CLI.
  • Restrict access to the web UI feature by using access control lists (ACLs) or firewall rules. You should only allow trusted IP addresses or networks to access the web UI. You should also block any unauthorized or external access.
  • Monitor your network for any suspicious activity. You should use network security tools such as intrusion detection systems (IDS), intrusion prevention systems (IPS), or security information and event management (SIEM) systems to detect and respond to any potential attacks.
  • Report any information or evidence related to this vulnerability to CISA and Cisco to help them investigate and mitigate this threat.

How Can You Check If Your Device Is Affected?

To check whether your device is affected by this vulnerability, you need to verify two things: the version of IOS XE software running on your device, and the status of the web UI feature on your device.

Check the version. Find the version of IOS XE software running on your device with the `show version` command in the CLI, and compare the output with the list of affected and fixed versions in Cisco’s security advisory.

Check the status of the web UI. To do this, use the `show ip http server status` and `show ip http secure-server status` commands in the CLI. Look for any output indicating that the web UI feature is enabled or listening on any port.

If your device is running an affected version of IOS XE software and has the web UI feature enabled, you should consider it vulnerable and take immediate action to protect it.
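A small triage helper that applies the two checks above, and the `no ip http server` / `no ip http secure-server` mitigation from the previous section, to saved CLI output. This is an added example, not Cisco’s or the author’s code: the `show version` and `show ip http server status` text is constructed, and `FIXED_VERSIONS_PLACEHOLDER` stands in for the real fixed-release list from Cisco’s advisory.

```python
import re

# Constructed sample of `show version` output; only the IOS XE version line is parsed.
SHOW_VERSION = """Cisco IOS XE Software, Version 17.06.03
Cisco IOS Software [Bengaluru], Catalyst L3 Switch Software, Version 17.6.3, RELEASE SOFTWARE
"""

# Constructed sample of `show ip http server status` output (the secure-server
# lines appear in the same listing on IOS XE).
SHOW_HTTP_STATUS = """HTTP server status: Enabled
HTTP server port: 80
HTTP server IPv4 access class: None
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
"""

# Placeholder only: populate from the fixed releases listed in Cisco's advisory.
FIXED_VERSIONS_PLACEHOLDER = {"17.X.Y-FIXED"}


def parse_version(show_version: str) -> str:
    """Return the release string from the 'Cisco IOS XE Software, Version ...' line."""
    m = re.search(r"Cisco IOS XE Software, Version (\S+)", show_version)
    if not m:
        raise ValueError("no IOS XE version line found")
    return m.group(1).rstrip(",")


def parse_http_status(status: str) -> dict:
    """Extract the fields that decide web UI exposure from the status listing."""
    fields = {}
    for line in status.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "http_enabled": fields.get("HTTP server status", "").lower() == "enabled",
        "https_enabled": fields.get("HTTP secure server status", "").lower() == "enabled",
        # 'None' or '0' means no access class restricts who can reach the web UI.
        "ipv4_access_class": fields.get("HTTP server IPv4 access class", "None"),
    }


def triage(show_version: str, status: str, fixed_versions: set) -> dict:
    """Combine both checks: affected release + web UI listening = vulnerable."""
    version = parse_version(show_version)
    http = parse_http_status(status)
    web_ui_on = http["http_enabled"] or http["https_enabled"]
    patched = version in fixed_versions
    actions = []
    if web_ui_on and not patched:
        # No fixed release applied: turn off the listeners the advisory section recommends disabling.
        if http["http_enabled"]:
            actions.append("no ip http server")
        if http["https_enabled"]:
            actions.append("no ip http secure-server")
    if web_ui_on and http["ipv4_access_class"] in ("None", "0"):
        actions.append("restrict the web UI with an access class / ACL to trusted hosts")
    return {"version": version, "web_ui_enabled": web_ui_on,
            "patched": patched, "vulnerable": web_ui_on and not patched,
            "actions": actions}
```

Feed it the captured output of the two `show` commands from each device; a device whose web UI is disabled, or whose release is in the fixed set, comes back with `vulnerable` set to False.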

The vulnerability is evolving

On 10/18/2023 the threat intelligence firm Censys found over 40,000 vulnerable devices. On 10/21/2023 ONYPHE said its scanning found 1,214 unique compromised IP addresses. That is a 97% decrease nearly overnight. There are a number of possible explanations for the rapid decline. Some have argued that the attack is evolving. CERT Orange Cyberdefense speculated that “a potential trace cleaning step is underway [by the threat actor] to hide the implant.”

rb-

The Cisco IOS XE vulnerability is a serious security issue that affects many Cisco devices running IOS XE software. You should patch your device as soon as possible because the attackers are evolving the exploit. The ability to hide the exploit will make this a long-term problem on many networks.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

The Mystery of Le Griffon: The First Great Lakes Shipwreck

As the chilly winds of Halloween stir, tales of the paranormal come to life. In the darkest corners of Michigan’s history, a ghost story has lingered since the 17th century. It weaves a chilling tale around the 17th-century French explorer René-Robert Cavelier, Sieur de La Salle, a man obsessed with discovering the mythical Northwest Passage to China and Japan through the treacherous Great Lakes.

First full-sized sailing ship

La Salle commissioned the first full-sized sailing ship on the Great Lakes, the Le Griffon. The Le Griffon was built at Fort Conti near Cayuga Island on the Niagara River in 1679. Le Griffon had a crew of 32, was armed with seven cannons and had a capacity of 45 tons. It was about 30 to 40 feet long and 10 to 15 feet wide.

The Le Griffon embarked from Ft. Conti on August 7, 1679. The explorers passed the Straits of Detroit on August 11, 1679 and arrived at Saginaw Bay on Lake Huron on August 25, 1679. They then sailed north to Mishi-Mikinaak (Ojibwe) at East Moran Bay off the settlement of Mission St. Ignace. On September 2, 1679, the Le Griffon left St. Ignace and arrived a few days later at Detroit Harbor on Washington Island, near Green Bay.

La Salle traded with the local Pottawatomie tribe for furs and other goods. On September 18, 1679, La Salle dispatched the Le Griffon back to Niagara with six crew members and a cargo of furs. La Salle and the rest of his men continued their expedition by canoe.

Mysteriously disappeared

But the Le Griffon never made it back. It mysteriously disappeared somewhere in Lake Michigan, leaving no trace of its fate. Some say it was sunk by a storm, others claim the Jesuits sank it, and others say it was cursed by a witch or a griffin, a mythical creature that was half eagle and half lion.

The mystery of the Le Griffon has haunted generations of explorers, historians and treasure hunters. Some believe that the ship still sails the Great Lakes as a ghost ship, appearing and disappearing at will. Others think that it lies at the bottom of the lake, guarding its secrets and its treasure.

Final resting place

Numerous wrecks have been touted as the Le Griffon. However, none has been conclusively proven. Some of the most notable claims include:

It is said that the Le Griffon is a ghost ship. Its crew is apparently heard chanting as she sails among the clouds on moonlit evenings. It has since been seen tracking a collision course with other vessels in Michigan Harbor, only to vanish before contact. Its wreck has never been definitively located.

Are You at Fault for the 23andMe Data Breach

Updated 10/28/2023: The data breach at 23andMe must be really bad. The data breach has drawn the attention (PDF) of a business-loving GOP Senator.

A data breach has affected customers of the genomics firm 23andMe (ME). 23andMe is a U.S. biotechnology firm that offers genetic testing services to customers. Customers send a saliva sample to its labs and get back an ancestry and genetic predispositions report. The exposed information from this data breach includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

Reports indicate that a hacker first advertised the data breach on the Hydra cybercrime forum on August 11, 2023, claiming to possess 300 terabytes of stolen 23andMe user data. The data re-emerged on October 2, 2023, when a hacker using the username “Golem” posted the records on the cybercrime forum BreachForums. The hacker openly made an anti-Semitic threat, boasting that it was a targeted attack on Ashkenazi Jews. The hacker claimed the data breach records contained “information on all wealthy families serving Zionism … You can see the wealthiest people living in the US and Western Europe on this list.”

The data breach expands

On October 16, Golem claimed the data contained “samples from hundreds of families, including the royal family, Rothschilds, Rockefellers, and more.” The reference to the Rothschilds, a subject of antisemitic conspiracy theories, echoes Golem’s previous publication of 23andMe records allegedly focused on people of Ashkenazi Jewish descent.

23andMe spokesperson Andy Kill told TechCrunch in an emailed statement that the company was made aware of this new leak and that it is “reviewing the data to determine if it is legitimate.”

23andMe blames customers for data breach

On October 6, 23andMe announced that the hackers behind the data breach had obtained some user data. The company said the hackers amassed the stolen data through credential stuffing, a common technique in which attackers try username (or email) and password combinations that are already public from other data breaches.

In response to the data breach, 23andMe urged its users to change their passwords and enable multi-factor authentication. On its official page addressing the data breach, 23andMe blamed the incident on customers reusing passwords and on DNA Relatives, an opt-in feature the firm offers. It allows users to see the data of other opted-in users whose genetic data matches theirs. If a user had this feature turned on, hackers who broke into that single account could scrape data on many other users.
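A defender-side view of the credential-stuffing pattern 23andMe described, as an added example (not 23andMe’s or the author’s code): it separates a source trying many different usernames from one hammering a single account, and lists the accounts that succeeded inside a stuffing burst, since those are the logins from which opted-in DNA Relatives data could then be scraped. The log lines are constructed.

```python
from collections import defaultdict

# Constructed authentication log: timestamp, source IP, username, outcome.
AUTH_LOG = """\
2023-08-11T02:00:01Z 203.0.113.7 alice@example.com FAIL
2023-08-11T02:00:02Z 203.0.113.7 bob@example.com FAIL
2023-08-11T02:00:02Z 203.0.113.7 carol@example.com OK
2023-08-11T02:00:03Z 203.0.113.7 dave@example.com FAIL
2023-08-11T02:00:04Z 203.0.113.7 erin@example.com FAIL
2023-08-11T02:00:05Z 203.0.113.7 frank@example.com OK
2023-08-11T02:01:00Z 198.51.100.9 mallory@example.com FAIL
2023-08-11T02:01:01Z 198.51.100.9 mallory@example.com FAIL
2023-08-11T02:01:02Z 198.51.100.9 mallory@example.com FAIL
2023-08-11T02:01:03Z 198.51.100.9 mallory@example.com OK
2023-08-11T02:05:00Z 192.0.2.20 alice@example.com OK
"""


def parse_log(text: str) -> list:
    """Turn each log line into a (source_ip, username, success) tuple."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, ip, user, outcome = line.split()
        events.append((ip, user, outcome == "OK"))
    return events


def classify_sources(events: list, min_attempts: int = 4, spray_ratio: float = 0.75) -> dict:
    """Label each source IP.

    credential_stuffing: many attempts, nearly every one against a different
    username (leaked username/password pairs being replayed).
    brute_force: many attempts concentrated on few accounts (password guessing).
    normal: too few attempts to say anything.
    """
    per_ip = defaultdict(list)
    for ip, user, ok in events:
        per_ip[ip].append((user, ok))
    report = {}
    for ip, tries in per_ip.items():
        attempts = len(tries)
        distinct = len({user for user, _ in tries})
        if attempts < min_attempts:
            verdict = "normal"
        elif distinct / attempts >= spray_ratio:
            verdict = "credential_stuffing"
        else:
            verdict = "brute_force"
        # Successful logins from a flagged source are reused passwords that worked:
        # those accounts need a forced reset and MFA, not just a generic warning.
        compromised = sorted(user for user, ok in tries if ok) if verdict != "normal" else []
        report[ip] = {"verdict": verdict, "attempts": attempts,
                      "distinct_users": distinct, "compromised": compromised}
    return report
```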

Splitting hairs

23andMe stated it didn’t find any evidence of a “data security incident” because the information hackers gathered was available to opted-in users. But putting the burden on consumers to protect their own sensitive data with strong passwords and careful management is wrongheaded, Suzanne Bernstein of the Electronic Privacy Information Center told the Washington Post: “If 23andMe is collecting, storing and processing a tremendous amount of very highly sensitive personal data, I think at the end of the day they should take responsibility for that.”

Data breach victims not protected

The type of information genetic testing companies like 23andMe collect is currently not protected by the Health Insurance Portability and Accountability Act (HIPAA). 23andMe still allows for third-party data sharing in its privacy policy.

How to Protect Your Data from Breaches

Now that your genetic data is probably in the wild for anyone to abuse, you should do the following:

  1. Choose unique, impossible-to-guess passwords.
    23andMe users should immediately change their passwords. The new password should be complex and never have been used on other sites. A better response would be to use a password manager.
  2. Next, turn on two-factor authentication.
  3. Request to delete your data.
    A 23andMe customer can request to delete their information from the site. If you live in a state with a comprehensive privacy law, the company is required to do so.
  4. Understand what is retained after deletion.
    During the account deletion process, 23andMe tells users that the company and its partner lab will hang onto your “genetic information, date of birth and sex” after your account is deleted, per state and federal legal requirements, according to the Washington Post.

    This means that even after 23andMe deletes your account, it still retains potentially sensitive genetic information. Researchers have shown that so-called anonymous genetic data can in some cases be re-identified.

  5. Don’t share genetic information
    Sharing your genetics with a DNA database increases your risk of botched criminal procedure, discrimination from insurance companies and employers, and targeted attacks such as blackmail, privacy experts say.

rb-

Now that your entire family’s DNA is out there, there is no getting it back.

Coffee is the Project Managers Secret Weapon

Research has found that drinking coffee is just as good as exercise for your job performance. One cup of coffee improves your working memory as much as spending 20 minutes on a treadmill. Coffee can contribute to enhanced cognitive function, including working memory.

The primary active compound in coffee, caffeine, is a natural stimulant. When consumed, caffeine blocks the action of a neurotransmitter called adenosine, which promotes relaxation and drowsiness. By inhibiting adenosine, caffeine promotes wakefulness and alertness, including enhanced cognitive functions like working memory.

Coffee Improves Working Memory

Working memory is key to our ability to function as a curious human being. It helps the learning process and makes it possible to store information, such as phone numbers or a shopping list, in the short term. Working memory has a significant impact on a project manager’s job performance. Working memory plays a crucial role in many cognitive tasks required to be a successful PM. Here are some ways in which coffee-enhanced working memory can affect your job performance:

Communications

Effective communication is at the core of being a project manager. Effective communication relies on listening, comprehending, and responding to information. A strong working memory capacity enables you to follow conversations, retain key details, and formulate thoughtful responses.

Problem-Solving

Project managers are always solving problems and making decisions. Working memory is essential for holding and manipulating relevant information when analyzing problems and considering potential solutions.

Information Processing

Working memory is responsible for temporarily holding and manipulating information. As PMs, we need to process and remember information, such as instructions, data, and task sequences.

Learning and Adaptation

Learning new information and skills is a continuous process for PMs. A good working memory facilitates the acquisition and retention of new knowledge, as it allows individuals to process, connect, and store information for future use.

Time Management

Time management involves planning and organizing tasks. Working memory helps in keeping track of deadlines, schedules, and task priorities, which is crucial for meeting project-related goals.

Creativity and Innovation

Project managers utilize creative problem-solving to keep projects moving forward. Creative problem-solving and innovation require holding multiple ideas or concepts in mind, manipulating them, and exploring new connections. Working memory supports these processes, allowing for more innovative solutions.

Task Execution

Project managers must complete tasks efficiently. Completing tasks often involves holding intermediate goals or steps in memory while working toward a larger objective. Working memory assists in task execution and reduces the risk of errors.

Accuracy and Error Reduction

When individuals can hold and manipulate information more effectively, they are less likely to make mistakes or overlook critical details.

Stress Management

Project managers with strong working memory abilities may better manage stress and high-pressure situations by staying organized and focused during challenging times.

rb-

Coffee can improve working memory by increasing alertness, focus, and concentration, promoting faster information processing, and reducing mental fatigue. These effects make coffee the project manager’s secret weapon for boosting job performance.

What Native Americans Discovered Your Place First

Columbus Day marks the day when America was “discovered.” This is wrong. Columbus Day ignores thousands of years of Native Americans living in the Americas in favor of a Euro-centric narrative. The website Native-Lands attempts to document which Native American people lived in your place before Columbus “discovered” them.

The European history of Detroit says the first recorded contact between Europeans and the Great Lakes Indians occurred between 1534 and 1542, when Jacques Cartier of France explored the St. Lawrence River in search of gold or silver. In 1701 Antoine de la Mothe Cadillac founded Detroit. But this ignores the history of the Mound Builders who lived in the area before the Native American tribes.

The Detroit area was populated by as many as seven different native peoples before Columbus arrived.

The Peoria people are the descendants of those who created the great mound civilizations in the central U.S. 2,000 years ago. Their territory ranged from Jefferson City, MO to Madison, WI over to Detroit and Toledo.

The Anishinabewaki Native Americans populated a territory that stretched from Regina, Saskatchewan to Ottawa, Toronto, Detroit and Minneapolis.

Bodwéwadmi (Potawatomi) people lived in the Chicago area and ranged to Detroit, up the Door coast of Wisconsin and down the Mississippi River to near St. Louis, MO.

Myaamia (Miami) Native American people lived in an area that runs from the Door Peninsula in Wisconsin down the Mississippi River into Kentucky and along the Ohio River to West Virginia, up to Detroit, and on east into Ontario.

The Wyandot people call the eastern half of Michigan from the Mackinaw area down to Detroit and over to Cleveland their home.

Meškwahki·aša·hina (Fox) native people called Southeastern Michigan home. They inhabited the area from Detroit to Battle Creek, into Indiana, and over to Toledo.

Mississauga people call the area around Lake Erie home. They ranged from Detroit east to London, ON, Buffalo, NY, and Lake Ontario from Toronto to near Ottawa. Their range extended all the way north to Sault Ste. Marie, CA on Lake Superior.

rb-

This Columbus Day, why not take some time and explore the cultures of the indigenous people who lived where you live before Columbus “discovered” America?