Thursday 16 May 2019

Cisco clueless about security, apparently: Meet Thrangrycat

3x U+1F63E: pissed pussies

Hundreds of Cisco products
are vulnerable to a secure-enclave takeover. Dubbed Thrangrycat, it permits an attacker to hide a persistent threat inside the Trust Anchor module (TAm) of any number of Cisco networking boxes.

The kicker: The software image loaded by the TAm—the “bitstream”—is not encrypted, nor verified. I mean, seriously, what’s the point of it all?

Shouldn’t we all just give up now? It’s tempting. In this week’s Security Blogwatch, we try to ignore the researchers’ stupid, stupid use of emoji to name a vuln.

Read more:

No comments:

Post a Comment