fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Cisco Fixes Critical Code Execution Bug In Jabber For Windows

https://open.spotify.com/show/3Gmj15x6cGrgJEzmGnDTTj?si=nytzAjvSR4qBqTbLP6pgKA

Cisco Fixes Critical Code Execution Bug In Jabber For Windows

Cisco fixes critical code execution bug in Jabber for Windows

Image: CoWomen

Cisco today addressed a critical severity remote code execution vulnerability affecting multiple versions of its Cisco Jabber for Windows software.

Cisco Jabber for Windows is a desktop collaboration app designed to provide users with presence, instant messaging (IM), cloud messaging, desktop sharing, as well as audio, video, and web conferencing.

The vulnerability was found and reported by Olav Sortland Thoresen of Watchcom. The Cisco Product Security Incident Response Team (PSIRT) says that the flaw is not currently exploited in the wild.

The security flaw tracked as CVE-2020-3495 received an almost maximum 9.9 CVSS base score from Cisco and it is caused by improper input validation of incoming messages’ contents.

 

Exploitation via malicious XMPP messages

CVE-2020-3495 can allow authenticated, remote attackers to execute arbitrary code on systems running unpatched Jabber for Windows software after successful exploitation using maliciously-crafted Extensible Messaging and Presence Protocol (XMPP) messages.

No user interaction is required to exploit this flaw, with CVE-2020-3495 also being exploitable when the Jabber for Windows client is running in the background.

“A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution,” Cisco explains.

Attackers are required to have access to their victims’ XMPP domains to send the malicious XMPP messages needed to successfully exploit the vulnerability.

“As a result of exploitation, an attacker could cause the application to run an arbitrary executable that already exists within the local file path of the application,” Cisco added.

“The executable would run on the end-user system with the privileges of the user who initiated the Cisco Jabber client application.”

https://www.youtube.com/embed/AoG4iOwDstU

As Watchcom’s Olav Sortland Thoresen explains in a report with more details on CVE-2020-3495, attackers can also automate the exploitation process to create a worm capable of spreading automatically to new devices.

“Since Cisco Jabber supports file transfers, an attacker can initiate a file transfer containing a malicious .exe file and force the victim to accept it using an XSS attack,” then executing the malicious file on a targeted victim’s machine. 

Also read: How To Make A PDPC Complaint: With Its Importance And Impact

 

Vulnerable Jabber for Windows systems

Systems with Jabber for Windows configured in phone-only mode and those that use other messaging services are not vulnerable to exploitation.

The vulnerability does not impact Cisco Jabber for macOS or mobile platforms, and it affects all currently supported versions of the Windows Cisco Jabber client (12.1 to 12.9) as listed in the table embedded below.

Cisco Jabber for Windows Release First Fixed Release
12.1 12.1.3
12.5 12.5.2
12.6 12.6.3
12.7 12.7.2
12.8 12.8.3
12.9 12.9.1

Over the weekend, Cisco warned customers that threat actors actively attempting to exploit two zero-day denial-of-service (DoS) flaws affecting carrier-grade router IOS XR software.

The two security flaws impact any Cisco device running any Cisco IOS XR Software release if multicast routing is enabled on any active interface.

Cisco is still working on software updates to address these vulnerabilities and it provides mitigation measures to partially or fully remove the exploit vector.

Update: Added more details from Olav Sortland Thoresen’s advisory.

Also read: Basic Info On How Long To Keep Accounting Records In Singapore?

https://www.youtube.com/watch?v=30eI59FlBdk

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us