Thursday, April 15, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Cisco discloses security breach that impacted VIRL-PE infrastructure

May 31, 2020
in Internet Security
Cisco discloses security breach that impacted VIRL-PE infrastructure
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cisco has disclosed today a security breach that impacted a small part of its backend infrastructure.

In a security alert published today, Cisco said that hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers:

You might also like

100+ critical IT policies every company needs, ready for download

ExpressVPN review: A fine VPN service, but is it worth the price?

Microsoft Defender for Endpoint now protects unmanaged BYO devices

  • us-1.virl.info
  • us-2.virl.info
  • us-3.virl.info
  • us-4.virl.info
  • vsm-us-1.virl.info
  • vsm-us-2.virl.info

The six servers provide the backend infrastructure for VIRL-PE (Internet Routing Lab Personal Edition), a Cisco service that lets users model and create virtual network architectures to test network setups before deploying equipment in real situations.

“Cisco identified that the Cisco maintained salt-master servers that are servicing Cisco VIRL-PE releases 1.2 and 1.3 were compromised,” the company said today.

Cisco said it patched and remediated all hacked VIRL-PE servers on May 7, when it deployed updates for the SaltStack software.

Cisco customers with CML and VIRL-PE gear also impacted

However, the issue isn’t localized to Cisco’s backend infrastructure alone.

Cisco says that two of its commercial products also bundle the SaltStack software package as part of their firmware. These are the aforementioned Cisco VIRL-PE, and Cisco Modeling Labs Corporate Edition (CML), another network modeling tool.

Both VIRL-PE and CML can be used in Cisco-hosted and on-premis scenarios. In case companies use the two products on location, Cisco says CML and VIRL-PE need to be patched.

The company has released software updates today for both products that incorporate fixes for the two SaltStack vulnerabilities that were utilized to breach Cisco’s VIRL-PE backend.

The two SaltStack vulnerabilities — CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) — have been disclosed on April 30, and have been heavily abused over the past month.

Security breaches caused by the two have been reported by mobile operating system vendor LineageOS, blogging platform Ghost, certificate authority Digicert, cloud software provider Xen Orchestra, and search provider Algolia.

In most of the past incidents, victims said the hacker breached SaltStack servers and installed a cryptocurrency miner. Cisco did not elaborate on the nature of its breach.

SaltStack, also known as Salt, is a type of software used in data centers that allows administrators to cluster multiple servers together and control them from a central location.

The Cisco security advisory Cisco-SA-Salt-2vx545AG contains all the necessary information for Cisco CML and VIRL-PE users to patch their devices.


Credit: Zdnet

Previous Post

Black Lives Matter Gets Backing From TikTok Users in Show of Gen-Z Solidarity

Next Post

How machine learning can help you win big at casino?

Related Posts

100+ critical IT policies every company needs, ready for download
Internet Security

100+ critical IT policies every company needs, ready for download

April 15, 2021
ExpressVPN review: A fine VPN service, but is it worth the price?
Internet Security

ExpressVPN review: A fine VPN service, but is it worth the price?

April 15, 2021
Microsoft Defender for Endpoint now protects unmanaged BYO devices
Internet Security

Microsoft Defender for Endpoint now protects unmanaged BYO devices

April 15, 2021
Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers
Internet Security

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

April 14, 2021
ASIO boss says he’s not concerned with Australian Parliament’s March outage
Internet Security

ASIO boss says he’s not concerned with Australian Parliament’s March outage

April 14, 2021
Next Post
How machine learning can help you win big at casino?

How machine learning can help you win big at casino?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

100+ critical IT policies every company needs, ready for download
Internet Security

100+ critical IT policies every company needs, ready for download

April 15, 2021
NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers
Internet Privacy

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers

April 15, 2021
AI.Reverie names Aayush Prakash as Head of Machine Learning
Machine Learning

AI.Reverie names Aayush Prakash as Head of Machine Learning

April 15, 2021
Why Corporate AI Projects Fail? Part 2/4 | by Sundeep Teki, PhD | Apr, 2021
Neural Networks

Why Corporate AI Projects Fail? Part 2/4 | by Sundeep Teki, PhD | Apr, 2021

April 15, 2021
How to Analyze Influencer Campaign Performance
Marketing Technology

How to Analyze Influencer Campaign Performance

April 15, 2021
Six courses to build your technology skills in 2021 – IBM Developer
Technology Companies

How AI helps Overwatch League process 410M data points to build power rankings – IBM Developer

April 15, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • 100+ critical IT policies every company needs, ready for download April 15, 2021
  • NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers April 15, 2021
  • AI.Reverie names Aayush Prakash as Head of Machine Learning April 15, 2021
  • Why Corporate AI Projects Fail? Part 2/4 | by Sundeep Teki, PhD | Apr, 2021 April 15, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates