A Question of Data Security

Vimal Rama Chandran


HLB HAMT - Accounting Firm in UAE

Phone:- +971 4 327 7775
Mobile:- +971 52 830 7998
WhatsApp:- +971 56 219 1607
Email:- dubai@hlbhamt.com





    Maintaining a high level of security around your business is crucial, since thousands of businesses are exposed to security vulnerabilities every year.

    The security firm Embedi recently discovered a vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software, prompting Cisco to release software updates, including fixes for three critical remote code execution bugs. The vulnerability makes it possible for an unauthenticated, remote attacker to trigger a reload of an affected device. Only Smart Install client switches are prone to attack; Cisco devices configured as a Smart Install director are not affected.

    “In a securely configured network, Smart Install technology participants should not be accessible through the internet. But scanning the internet has shown that this is not true,” Embedi said. “During a short scan of the internet, 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open were detected.”

    The problem affects devices running Cisco IOS XE Software 16.x, which is deployed on Cisco ASR routers and Catalyst switches. Attackers can exploit the vulnerability by logging into Cisco routers and switches with a high-privileged account.

    Devices running IOS XE 16.x ship with a hidden default account named “cisco” that has a static password. While default accounts are not a part of Cisco products, this one appears to have been left over from the testing phase of IOS XE and affects only the v16.x versions.

    The vulnerability can lead to the following issues:

    1. Triggering a reload of the device
    2. Execution of arbitrary code on the device
    3. An indefinite loop on the affected device that triggers a watchdog crash

    According to Cisco, “the vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device.”

    Identifying the vulnerable areas of your business and equipping your company with the tools needed to minimize the risk of a data breach are important steps toward keeping an enterprise functioning smoothly.

    “It takes decades to build a reputation and few minutes of cyber-incident to ruin it.”


    How Safe is your Personal Data Online?

    Namitha Aiyllath





      Every day we wake up to news of another data breach, be it massive or small. The alarming rise in the number of data breaches raises innumerable questions about the security of our data.

      Under Armour, a fitness apparel company, has made a shocking revelation that one of their renowned fitness apps, MyFitnessPal, has been hacked. Personal details of about 150 million users of the app were hacked, making it the largest data breach of 2018 so far.

      According to an official statement, “The investigation indicates that the affected information included usernames, email addresses, and hashed passwords — the majority with the hashing function called bcrypt used to secure passwords.” The fact that social security numbers, driver licence numbers and payment card data remain unaffected comes as a huge relief.

      Under Armour has notified MyFitnessPal users about the breach via e-mails and messages and has requested them to change their passwords.

      MyFitnessPal tracks the diet and exercise of its users to determine optimal caloric intake and nutrients. The app claims to have the largest database of athlete behaviour, which includes statistics on workouts, nutrition, and sleep patterns.

      Separating man from technology has become impossible; our personal information is available on diverse platforms, from social networking sites to mobile apps. Hence, providing multiple layers of security for a user’s data is a huge responsibility, and even a minor data breach can call the credibility of an organization into question.
