Hello, welcome to the Friday, July 20th, 2018 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and the I'm recording from Washington, D.C.

Cisco released another set of updates yesterday, fixing 23 different flaws across its products.

Now, one product particularly hit hard this time is Cisco's policy suite.

It was hit with four critical vulnerabilities, meaning they provide unauthenticated access

to a net hacker.

Now, one of these vulnerabilities was yet another default password.

That is a good and a bad side to policy suite being affected. First of all, it's not a very

popular product. It's really something that's only used by large enterprises, by ISPs and

such, to define bandwidth rules across their network.

So this is nothing you'll find in smaller companies and hopefully the people who do run this

particular piece of software have been informed by Cisco.

But the bad part to it, well, it is being run by very large networks and as a result,

if it's not being fixed, then this could lead to some larger disruption. Well, talking about

some more popular devices, researchers at positive technologies found vulnerabilities in a home vacuum cleaner.

Now this particular vacuum cleaner isn't exactly a market leader.

It's Dong Kwan DG-360.

I couldn't find it on the US Amazon website, so not sure in what countries it's actually being sold one little twist

this particular model brings to vacuum cleaners is that it also acts as a video

surveillance system you can remote control the vacuum cleaner and using a built-in

camera you can essentially check if everything is okay at home.

Of course, that particular part does lend itself to abuse, and yes, there are vulnerabilities

...