by Staff writers, Network World

In brief: Cisco patches router, Call Manager

Jan 23, 2006

Cisco has patched a number of security vulnerabilities affecting its routers and Call Manager software, some of which could be used to launch a denial-of-service attack against the products. The router bug affects all Cisco devices that use the company’s IOS software and that have enabled a little-known protocol called Stack Group Bidding Protocol, which is used to help manage network access using Cisco devices. The other two bugs relate to Cisco’s Call Manager software, which is used to manage VoIP calls. The bugs could be exploited by an attacker either to launch a DoS attack against the Call Manager machine or to gain added user privileges on such a system.

SPI Dynamics has announced Assessment Management Platform 2.0, Windows Server-based software for aggregating and scheduling Web and application scans. The updated version of AMP adds a way to designate user permissions for the SPI Dynamics vulnerability-assessment tool WebInspect 5.8. AMP is available and is priced at $60,000.

Security experts say botnets are becoming increasingly difficult to trace as criminal hackers have developed clever means to hide them. Botnets are networks of computers infected with code that allows hackers to control them. Once grouped together, a botnet is illegally used to send spam, propagate viruses and carry out distributed denial-of-service attacks aimed at causing a Web site to crash. Extortion schemes have emerged backed by the muscle of botnets, and hackers are also renting the use of armadas of computers for illegal purposes through advertisements on the Web, says Kevin Hogan, senior manager for Symantec Security Response, part of Symantec. Increasingly, botnet administrators have customized IRC commands, and many well-known commands that allowed for the remote querying of machines have been disabled, Hogan says.