Dive Brief:
-
Cisco issued a critical warning advisory to its customers last week over a vulnerability that could allow a hacker to remotely access and take over an affected device. The vulnerability impacts more than 300 models of Cisco Catalyst switches, the company said.
-
The vulnerability was brought to light when WikiLeaks released more than 8,700 documents it said came from the CIA's Center for Cyber Intelligence last week.
-
WikiLeaks said it would share the technical details and code of the hacking tools with Google, Apple, Microsoft and other affected tech companies. But WikiLeaks recently contacted those companies to ask them to sign off on a series of conditions first, according to a Motherboard report. The conditions reportedly include a requirement that companies issue a patch within three months.
Dive Insight:
WikiLeaks left tech companies in a vulnerable — and frustrating — spot. First, it told them they had major vulnerabilities, but left them without any clues to what those vulnerabilities might be.
Now the organization appears to be requiring tech companies to meet a series of conditions before it gives them the information they need to deploy patches.
The situation has put tech companies and their customers in a dangerous position and has resulted in emergency warnings from companies like Cisco.
Though WikiLeaks didn’t publish any code that would allow criminals to take advantage of the bugs it exposed, some hacking code did leak, CyberScoop reports. If criminals figure out the vulnerabilities before the companies are advised of them, they could wreak havoc on impacted companies' customers across sectors.
