Blog

Imagem inédita captada por telescópio mostra restos de estrela destruída por dupla explosão

Astrônomos do Observatório Europeu do Sul (ESO) conseguiram captar, pela primeira vez, provas visuais de que uma estrela de pequeno porte “morreu” após sofrer dupla explosão (fenômeno conhecido como supernova). As imagens foram feitas com o auxílio no telescópio Very Large (VLT) e o estudo foi publicado nesta quarta-feira, 2, na revista científica Nature Astronomy....

Blog

Ataque hacker afeta Pix com desvio de centenas de milhões de reais; o que se sabe

Crédito, Getty Images 3 julho 2025, 06:23 -03 Atualizado Há 16 minutos Uma empresa provedora de serviços de tecnologia que atende instituições financeiras sem infraestrutura de conectividade ao sistema de pagamentos Pix informou o Banco Central na quarta-feira (2/7) que sofreu um ataque cibernético aos seus sistemas. O Banco Central e as instituições financeiras não...

Technology

Writer CEO May Habib to take the AI stage at Disrupt 2025

AI agents are reshaping how work gets done across industries, and at TechCrunch Disrupt 2025, one of the leading voices in that transformation is stepping onto the AI Stage. May Habib, CEO and co-founder of Writer, will join us in San Francisco, October 27-29, for a fireside chat that dives deep into how enterprises are...

Technology

Cisco warns of a serious security flaw in comms platform – and that it needs patching immediately

americalatinanews.com5 hours ago04 mins

Login credentials for an account with root access was found in Cisco’s Unified Communications Manager
There are no workarounds, just a patch, so users should update now
Different versions of the tool are affected

Another hardcoded credential for admin access has been discovered in a major software application – this time around it’s Cisco, who discovered the slip-up in its Unified Communications Manager (Unified CM) solution.

Cisco Unified CM is an enterprise-grade IP telephony call control platform providing voice, video, messaging, mobility, and presence services. It manages voice-over-IP (VoIP) calls, and allows for the management of tasks such as user/device provisioning, voicemail integration, conferencing, and more.

Recently, Cisco found login credentials coded into the program, allowing for access with root privileges. The bug is now tracked as CVE-2025-20309, and was given a maximum severity score – 10/10 (critical). The credentials were apparently used during development and testing, and should have been removed before the product was shipped to the market.

No evidence of abuse

Cisco Unified CM and Unified CM SME Engineering Special (ES) releases 15.0.1.13010-1 through 15.0.1.13017-1 were said to be affected, regardless of the device configuration. There are no workarounds or mitigations, and the only way to address it is to upgrade the program to version 15SU3 (July 2025).

“A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted,” Cisco said.

At press time, there was no evidence of abuse in the wild.

Hardcoded credentials are one of the more common causes of system infiltrations. Just recently Sitecore Experience Platform, an enterprise-level content management system (CMS), held a hardcoded password for an internal user. It was just one letter – ‘b’ – which was super easy to guess.

Roughly a year ago, security researchers from Horizon3.ai found hardcoded credentials in SolarWinds’ Web Help Desk.

Via BleepingComputer

Source link

Leave a Reply Cancel reply

Related News