Cisco confirms ‘ExtraBacon’ zero-day exploit leaked by NSA hackers
The exploit could have allowed hackers to gain access to corporate networks.
After a group of hackers stole and published a set of NSA cyberweapons earlier this week, the multibillion-dollar tech firm Cisco is now warning its customers and offering software updates and advice to counter two potent leaked exploits that attack and take over crucial security software used to protect corporate and government networks.
“Cisco immediately conducted a thorough investigation of the files released, and has identified two vulnerabilities affecting Cisco ASA devices that require customer attention,” the company said in a statement. “On Aug. 17, 2016, we issued two Security Advisories, which deliver free software updates and workarounds where possible.”
An unknown group of hackers dubbed the Shadow Brokers posted cyberweapons stolen from the so-called Equation Group, the National Security Agency-linked outfit known as “the most advanced” group of cyberwarriors in the internet’s history.
One of the cyberweapons posted was an exploit called ExtraBacon that can be used to attack Cisco Adaptive Security Appliance (ASA) software designed to protect corporate networks and data centers.
“A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code,” Cisco researchers explained in a security advisory.
Researchers combed over the exploits in the leak from early Monday on, including these particular attacks. Cisco’s incident response team began investigating the reports on the same day, the company said.
“ExtraBacon targets a particular firewall, Cisco ASA, running a particular version (8.x, up to 8.4), and you must have SNMP read access to it,” Khalil Sehnaoui, a Middle East-based cybersecurity specialist and founder of Krypton Security, told the Daily Dot. “If run successfully, the exploit will enable the attacker to access the firewall without a valid username or password.”
ExtraBacon was a zero-day exploit, Cisco confirmed. That means it was unknown to Cisco or its customers, leaving them open to attack by anyone who possessed the right tools.
In 2014, Cisco CEO John Chambers wrote a letter to President Barack Obama about NSA spying after reports that the agency secretly inserted spyware into Cisco routers.
“We simply cannot operate this way, our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security,” Chambers wrote.
It’s not clear who the Shadow Brokers are or what the full extent of the leaked data is. Almost half of the data remains hidden as it is being sold to the highest bidder. The auction has evoked barely any response at all, with the highest bid currently sitting at around $1,000.
Update 2:52pm CT, Aug. 17: Fortinet, a California-based cybersecurity firm, also issued an advisory on Wednesday warning of another vulnerability affecting its own firewalls. Its investigation into the Shadow Brokers data is ongoing.
Correction: Cisco has offered workarounds for the ExtraBacon exploit but has not yet issued a software patch. We regret the error.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.