Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. […] Read More
BleepingComputer
The all in one place for non-profit security aid.
Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. […] Read More
BleepingComputer
Microsoft Bans Android Devices for China Employees, Mandates iPhones
Microsoft employees in China will be required to use iPhones, as the company plans to block Android devices from accessing its corporate resources.
This decision, as outlined in an internal memo obtained by Bloomberg News, is part of a broader company-wide initiative to strengthen its defenses against cyber threats.
According to the memo accessed by the publication, the primary reason for this shift is the unavailability of Google Mobile Services in China.
These services are essential for running Microsoft’s security apps, such as Microsoft Authenticator and Identity Pass, which are now mandatory for all employees.
Since Google Play Store, the official Android app store is not accessible in China, Apple’s App Store is the only place where these apps can be reliably downloaded.
According to the Android Authority report, To facilitate the transition, Microsoft will provide each employee currently using an Android phone with an iPhone 15.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
These iPhones will be available at various collection points throughout China.
Employees will still be allowed to use Android phones for personal use. This move underscores Microsoft’s commitment to ensuring that its employees have the necessary tools to maintain high-security standards while performing their duties.
Microsoft’s decision comes after repeated cyberattacks, including a significant breach linked to Russia that affected numerous US government agencies earlier this year.
The company has since launched the Secure Future Initiative, a comprehensive effort to enhance its security protocols.
This policy shift is certain to draw attention to the broader geopolitical tensions between the US and China.
Due to security concerns, Chinese government-backed entities have recently been urging employees to avoid using foreign devices at work.
At the same time, the US has already placed some strict sanctions against Chinese entities operating in the US.
Microsoft’s decision to mandate iPhones for its China-based employees highlights the ongoing challenges that multinational companies face in navigating the complex landscape of international cybersecurity and geopolitical relations.
As companies continue to bolster their defenses against cyber threats, such measures may become more common, reflecting the increasing importance of secure and reliable technology in the global business environment.
Microsoft’s move to ban Android devices and mandate iPhones for its employees in China is a significant step in its broader strategy to enhance cybersecurity.
It also underscores the intricate interplay between technology, security, and geopolitics in today’s interconnected world.
“Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!”- Free Demo
The post Microsoft Bans Android Devices for China Employees, Mandates iPhones appeared first on Cyber Security News.
PoC Exploit Released for Cisco IMC Flaw – Urgent Update Advised
[[{“value”:”
Proof of Concept (PoC) exploit has been released for a critical vulnerability in Cisco’s Integrated Management Controller (IMC).
This flaw, identified as CVE-2024-20356, allows for command injection and could enable attackers to gain root access to affected systems.
The vulnerability resides in the web-based management interface of the Cisco Integrated Management Controller (IMC), a crucial component used for remotely managing Cisco hardware.
According to Cisco’s official security advisory, the flaw is due to insufficient user input validation in the IMC interface. This oversight allows an authenticated, remote attacker with administrative privileges to inject malicious commands.
Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot
The affected products include a range of Cisco servers and computing systems, notably:
5000 Series Enterprise Network Compute Systems (ENCS)
Catalyst 8300 Series Edge uCPE
UCS C-Series M5, M6, and M7 Rack Servers in standalone mode
UCS E-Series Servers
UCS S-Series Storage Servers
The exploit, as demonstrated by security researchers from Nettitude, involves several steps that manipulate the vulnerability to escalate privileges.
By sending crafted commands through the web interface, attackers can execute arbitrary code with root privileges on the Cisco hardware’s underlying operating system.
The PoC exploit, named “CISCown,” is part of a toolkit developed by Nettitude and is available on GitHub. It utilizes parameters such as target IP, username, and password to automate exploitation.
The toolkit tests for vulnerabilities and allows for deploying a telnetd root shell service on compromised devices.
The release of this PoC exploit signifies a critical threat level for organizations using affected Cisco products.
Gaining root access can give attackers full control over the hardware, potentially leading to data theft, system downtime, and further network compromise.
Cisco has responded by releasing software updates that address this vulnerability.
It is strongly recommended that all affected organizations apply these updates immediately. No known workaround mitigates this vulnerability, making the updates essential for securing the systems.
The release of the PoC exploit for CVE-2024-20356 highlights the ongoing challenges in securing complex network environments.
Users and administrators should visit Cisco’s official security advisory page and the Nettitude GitHub repository hosting the exploitation toolkit for more detailed information and access to the updates.
Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.
The post PoC Exploit Released for Cisco IMC Flaw – Urgent Update Advised appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
The threat from commercial cyber proliferation
Report informing readers about the threat to UK industry and society from commercial cyber tools and services. Read More