BENIGNCERTAIN-like flaw affects various Cisco networking devices

The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to search for similar flaws in other products – and they found one. CVE-2016-6415 arises from insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. “The IKE protocol is used in the Internet Protocol Security (IPsec) protocol suite to negotiate cryptographic attributes that …

Cisco starts publishing fixes for EXTRABACON exploit

Starting last Wednesday, Cisco has begun publishing fixes for the SNMP RCE flaw in the software of its Adaptive Security Appliances (ASA), which can be triggered through the EXTRABACON exploit leaked by the Shadow Brokers. The exploit was initially thought to work only on versions 8.4.(4) and earlier of the ASA firewalls, but researchers have recently discovered that with small modifications, the exploit can be made to work on more recent versions of the appliance. …

Leaked EXTRABACON exploit can work on newer Cisco ASA firewalls

EXTRABACON, one of the Equation Group exploits leaked by the Shadow Brokers, can be made to work on a wider range of Cisco Adaptive Security Appliance (ASA) firewalls than previously reported.

We successfully ported EXTRABACON to ASA 9.2(4) #ShadowBrokers #Cisco pic.twitter.com/UPG6yq9Km2 — SilentSignal (@SilentSignalHU) August 23, 2016

The leaked exploit of the zero-day buffer overflow vulnerability (CVE-2016-6366) in the SNMP code of the Cisco ASA, Cisco PIX, and Cisco Firewall Services Module can compromise versions …

NSA Targeted Chinese Firewall Maker Huawei, Leaked Documents Suggest

American companies like Cisco, Fortinet and Juniper weren’t the only hacking targets revealed in the Shadow Brokers’ dump.

Implant leaked by Shadow Brokers targets Juniper’s NetScreen firewalls

Juniper Networks has become the latest company to acknowledge that one of the implants leaked by the Shadow Brokers targets some of their products. Cisco and Fortinet did the same a few days earlier. “Juniper Networks is investigating the recent release of files reported to have been taken from the so-called Equation Group,” Juniper employee Derrick Scholl explained in a post. “As part of our analysis of these files, we identified an attack against NetScreen …

Shadow Brokers, digital attacks, and the escalation of geopolitical conflict

Last week’s data dump by the Shadow Brokers has left many wondering how the US will respond. This is just the latest in a series of politically motivated data breaches often attributed to Russia, including last year’s State Department and White House attacks, as well as this summer’s intrusions on the DNC and DCCC. However, these must not be viewed in isolation, but as part of the larger, on-going escalation of tensions between the US …