Slashdot: Cisco Discloses Security Breach That Impacted VIRL-PE Infrastructure

Cisco Discloses Security Breach That Impacted VIRL-PE Infrastructure
Published on May 31, 2020 at 02:11AM
Thursday Cisco disclosed a security breach that impacted a small part of its backend infrastructure and two of its commercial products also bundling the SaltStack software package as part of their firmware. ZDNet reports: Cisco said that hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers... The six servers provide the backend infrastructure for VIRL-PE (Internet Routing Lab Personal Edition), a Cisco service that lets users model and create virtual network architectures to test network setups before deploying equipment in real situations. "Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised," the company said Thursday. Cisco said it patched and remediated all hacked VIRL-PE servers on May 7, when it deployed updates for the SaltStack software. However, the issue isn't localized to Cisco's backend infrastructure alone. Cisco says that two of its commercial products also bundle the SaltStack software package as part of their firmware. These are the aforementioned Cisco VIRL-PE, and Cisco Modeling Labs Corporate Edition (CML), another network modeling tool. Both VIRL-PE and CML can be used in Cisco-hosted and on-premise scenarios. In case companies use the two products on location, Cisco says CML and VIRL-PE need to be patched.

Comments

Slashdot: AT&T Says Leaked Data of 70 Million People Is Not From Its Systems

AT&T Says Leaked Data of 70 Million People Is Not From Its Systems Published on March 20, 2024 at 02:15AM An anonymous reader quotes a report from BleepingComputer: AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping. The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million. AT&T told BleepingComputer then that the data did not originate from them and that its systems were not breached. &q

Slashdot: TurboTax and H&R Block Want 'Permission to Blab Your Money Secrets'

TurboTax and H&R Block Want 'Permission to Blab Your Money Secrets' Published on March 03, 2024 at 02:04AM Americans filing their taxes could face privacy threats, reports the Washington Post: "We just need your OK on a couple of things," TurboTax says as you prepare your tax return. Alarm bells should be ringing in your head at the innocuous tone. This is where America's most popular tax-prep website asks you to sign away the ironclad privacy protections of your tax return, including the details of your income, home mortgage and student loan payments. With your permission to blab your money secrets, the company earns extra income from showing you advertisements for the next three years for things like credit cards and mortgage offers targeted to your financial situation. You have the legal right to say no when TurboTax asks for your permission to "share your data" or use your tax information to "improve your experience...." The article c

Slashdot: H&R Block, Meta, and Google Slapped With RICO Suit, Allegedly Schemed to Scrape Taxpayer Data

H&R Block, Meta, and Google Slapped With RICO Suit, Allegedly Schemed to Scrape Taxpayer Data Published on October 02, 2023 at 03:14AM Anyone who has used H&R Block's tax return preparation services since 2015 "may have unintentionally helped line Meta and Google's pocket," reports Gizmodo: That's according to a new class action lawsuit which alleges the three companies "jointly schemed" to install trackers on the H&R Block site to scan and transmit tax data back to the tech companies which then used elements of the data to engage in targeted advertising. Attorneys bringing the case forward claim the three companies' conduct amounts to a "pattern of racketeering activity" covered under the Racketeer Influenced and Corrupt Organizations Act (RICO), a tool typically reserved for organized crime. "H&R Block, Google, and Meta ignored data privacy laws, and passed information about people's financial lives around like

Shameless Plug

Search This Blog