Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers

posted by martyb on Friday August 26 2016, @07:29PM   Printer-friendly
from the Snowden's-Shadow dept.

takyon writes:

Cisco is releasing patches for an exploit disclosed by an entity calling itself the Shadow Brokers:

Cisco Systems has started releasing security patches for a critical flaw in Adaptive Security Appliance (ASA) firewalls targeted by an exploit linked to the U.S. National Security Agency. The exploit, dubbed ExtraBacon, is one of the tools used by a group that the security industry calls the Equation, believed to be a cyberespionage team tied to the NSA.

ExtraBacon was released earlier this month together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction.

[...] There is a second Equation exploit in the Shadow Brokers leak that targets ASA software. It is called EpicBanana and exploits a vulnerability that Cisco claims was patched back in 2011 in version 8.4(3). Nevertheless, the company published a new advisory for the flaw in order to increase its visibility. A third exploit, BenignCertain, affects legacy Cisco PIX firewalls that are no longer supported. Cisco investigated the exploit and said only versions 6.x and earlier of the PIX software are affected. Users who still have such devices on their networks should make sure they're running software versions 7.0 and later, which are not affected.

There is speculation that the hacks are actually leaks from a "second (third?) Snowden". A linguistic analysis of the "broken English" used by the Shadow Brokers determined that the text was written by someone pretending to not know English.

Previously:
"The Shadow Brokers" Claim to Have Hacked NSA
NSA 'Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot

Original Submission

 
This discussion has been archived. No new comments can be posted.
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by bob_super on Friday August 26 2016, @08:09PM

    by bob_super (1357) on Friday August 26 2016, @08:09PM (#393660)

    > CISCO frequently alerted the NSA to shipments of equipment to certain governments

    Note that Cisco doesn't have to actively do that. I'm pretty sure the US Customs is already tasked with reporting and inspecting international shipments to various "interesting" actors.
    While Cisco may or may not have known about the vulnerabilities (it's hard to keep disgruntled people from talking when you fire them a lot), the whole shipping-intercept is more likely to have been done behind their backs to limit the risk of leaks.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3