• halfempty@kbin.social
    link
    fedilink
    arrow-up
    40
    ·
    1 year ago

    “Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities. Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products. Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware.”

    • Aqarius@lemmy.world
      link
      fedilink
      English
      arrow-up
      27
      arrow-down
      1
      ·
      1 year ago

      “Good news everyone, our old products are compromised, and the only solution is to buy new ones!”

    • RobotToaster@mander.xyz
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      1
      ·
      1 year ago

      “China found the backdoors we installed for the NSA, buy our new product with different backdoors.”

    • Unaware7013@kbin.social
      link
      fedilink
      arrow-up
      19
      ·
      1 year ago

      I wonder if they’re using default/hard coded creds (Ciscos have had a ton of them) or if its just bad password hygiene on the admins’ part.

      • partial_accumen@lemmy.world
        link
        fedilink
        English
        arrow-up
        24
        ·
        1 year ago

        Hardcoded creds seems like a really bad idea on a network appliance. If they MUST have hardcoded creds how about they only work when sent through a serial console at least your attacker would have to have local physical access to the device.

      • ddkman@lemm.ee
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        I do agree, and Cisco immediately grabbed the occasion to push their shitty restrictive trusted boot policy. Which is worrying.