Cisco has admitted to losing customer data during a configuration change its engineers applied to its Meraki cloud managed IT service. From a report: Specific data uploaded to Cisco Meraki before 11:20 am PT last Thursday was deleted after engineers created an erroneous policy in a configuration change to its US object storage service, Cisco admitted on Friday. The company did say that the issue has been fixed, and while the error will not affect network operations in most cases, it admitted the faulty policy “but will be an inconvenience as some of your data may have been lost.” Cisco hasn’t said how many of its 140,000+ Meraki customers have been affected. The deleted data includes custom floor plans, logos, enterprise apps and voicemail greetings found on users’ dashboard, systems manager and phones. The engineering team was working over the weekend to find out whether the data can be recovered and potentially build tools so that customers can find out what data has been lost. Read more of this story at Slashdot.
Original post:
Cisco Meraki Loses Customer Data in Engineering Gaffe
Orome1 quotes a report from Help Net Security: Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with subscribers’ home network and devices. The vulnerability (CVE-2017-3791), found internally by Cisco security testers, affects the platform’s web-based GUI, and can be exploited by remote attackers to bypass authentication and execute any action in Cisco Prime Home with administrator privileges. No user interaction is needed for the exploit to work, and exploitation couldn’t be simpler: an attacker just needs to send API commands via HTTP to a particular URL. The bug exists in versions 6.4 and later of Cisco Prime Home, but does not affect versions 5.2 and earlier. “Administrators can verify whether they are running an affected version by opening the Prime Home URL in their browser and checking the Version: line in the login window. If currently logged in, the version information can be viewed in the bottom left of the Prime Home GUI footer, next to the Cisco Prime Home text,” Cisco instructed in the security advisory.
mattydread23 writes: Great story about the Open Compute Project from Business Insider’s Julie Bort here, including this fun tidbit: “‘OCP has a cultlike following,’ one person with knowledge of the situation told Business Insider. ‘The whole industry, internet companies, vendors, and enterprises are monitoring OCP.’ OCP aims to do for computer hardware what the Linux operating system did for software: make it ‘open source’ so anyone can take the designs for free and modify them, with contract manufacturers standing by to build them. In its six years, OCP has grown into a global entity, with board members from Facebook, Goldman Sachs, Intel, and Microsoft. In fact, there’s a well-known story among OCP insiders that demonstrates this cultlike phenom. It involves Apple’s networking team. This team was responsible for building a network at Apple that was so reliable, it never goes down. Not rarely — never. Building a 100% reliable network to meet Apple’s exacting standards was no easy task. So, instead of going it alone under Apple’s secrecy, the Apple networking team wanted to participate in the revolution, contributing and receiving help. But when the Apple team asked to join OCP, Apple said ‘no.’ ‘The whole team quit the same week,’ this person told us.”
Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way — levels that have not been seen since 2010 in fact. That’s according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet… “Many of the host IPs sending Necurs’ spam have been infected for more than two years. “To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions… This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again.” Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump’s name appeared in 169 times more spam emails than Hillary Clinton’s.
schwit1 writes from a report via CRN: Cisco Systems is laying off about 14,000 employees, representing nearly 20 percent of the network equipment maker’s global workforce. San Jose, California-based Cisco is expected to announce the cuts within the next few weeks, the report said, as the company transitions from its hardware roots into a software-centric organization. Cisco increasingly requires “different skill sets” for the “software-defined future” than it did in the past, as it pushes to capture a higher share of the addressable market and aims to boost its margins, the CRN report said citing a source familiar with the situation. “The company’s headcount as of April 20, 2016, was 73,104,” reports CRN. “Cutting 14,000 employees would be the single largest layoff in Cisco’s 32-year history.”
Reader wiredmikey writes: Security researchers at Cisco have come across a piece of software that installed backdoors on 12 million computers around the world. Researchers determined that the application, installed with administrator rights, was capable not only of downloading and installing other tools, such as a known scareware called System Healer, but also of harvesting personal information. The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. The “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.” Tuto4PC said its network consisted of nearly 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices. An analysis of a sample set revealed infections in the United States, Australia, Japan, Spain, the UK, France and New Zealand. Tuto4PC has received flak from many over the years, including French regulators.