The vulnerability was discovered by Tavis Ormandy a well known security researcher and privately reported to Cisco which was patched on Monday January 23rd, 2017. The seriousness of the issue was the seemingly trivial exploitation vector.
“All that’s required for a malicious or compromised website to exploit the vulnerability is to host a file or other resource that contains the string “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html” in its URL. That’s a “magic” pattern the WebEx service uses to remotely start a meeting on visiting computers that have the Chrome extension installed.”
If you haven’t done so, UPDATE or UNINSTALL the WebEx extension to remove the vulnerability. More information on the patch can be found here: Cisco Security Advisory
Kudos to Cisco on producing a patch in two days!
We are pleased to announce the release of a joint project Cyber Secure Texas (CST), with the support of Ultimatum Security, we aim to bring enterprise security services to the Small Business world in Texas. There are plans to expand, so keep your eye on the project if you’re out of the area however.
As opposed to hiring a full time IT staff,
The Cyber Secure Texas project aims to provide professional and high
quality cyber security services on a monthly basis, for an extremely
affordable flat rate. You’ll know exactly what you are getting, and
exactly how much it will cost. We believe small and medium sized
businesses deserve to benefit from premium security services. Visit the site to learn more! http://www.cybersecuretexas.com
Come visit us at the CyberTexas 2016 Exhibitor Floor!
Grab some toys, meet our staff, and if you’re tech savvy … maybe a challenge or two for some prizes!
If you’ve never been to San Antonio, now is the perfect time to come, meet some of the local military and commercial talent, network, and discuss trending security practices. We hope to see you there!
If you would like to set some time aside with us please shoot us a note at firstname.lastname@example.org.