The Dutch government has huge negative critics regarding Cisco Webex. They say that they were not informed about hacks and dataleaks. Following links are in Dutch (at the moment I don't have it in English): Dutch newspaper NRC - 5 juni 2024 Software voor videovergaderingen rijksoverheid gehackt, kabinet belooft onderzoek https://www.nrc.nl/nieuws/2024/06/0...id-gehackt-kabinet-belooft-onderzoek-a4855441 Security.nl - 5 juni 2024 Overheid onderzoekt datalek bij Webex, uit felle kritiek op Cisco https://www.security.nl/posting/844...datalek bij Webex, uit felle kritiek op Cisco PS BTW: One could question whether the Dutch government itself shouldn't be better informed and take appropriate measures. Oh well...
The Register - Fri 7 Jun 2024 15:04 UTC Cisco fixes WebEx flaw that allowed government, military meetings to be spied on https://www.theregister.com/2024/06/07/cisco_fixes_webex_flaw_which/ ========== Cisco Security Advisory Cisco Webex Meetings Meeting Information and Metadata Issue June 2024 https://sec.cloudapps.cisco.com/sec...iscoSecurityAdvisory/cisco-sa-webex-june-2024 Advisory ID: cisco-sa-webex-june-2024 First Published: 2024 June 4 21:00 GMT Last Updated: 2024 June 5 20:30 GMT Version 1.1: Read more at those links! ========== Note by me: Cisco says "Cisco has notified those customers who had observable successful attempts to access meeting information and metadata based on available logs." Three possibilities: 1. Cisco did NOT notify customers immediatally; and/or 2. Cisco did NOT notify the Dutch government; and/or 3. The Dutch government was sleeping. I see no other option than one of the three above mentioned options (or any combination ...)
Germany: Bundesamt for Sicherheit in der Informationstechnik (BSI) Federal Office for Information Security Article in German: Version 1.0: Webex by Cisco: Schwachstelle ermöglicht https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-248744-1032_csw.html There is a .pdf document there in German Webex by Cisco: Schwachstelle ermöglicht Abfluss von Metadaten Version 1.0, 10.06.2024 https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-248744-1032.pdf?__blob=publicationFile&v=2 Interesting is, among other things, this part: So, in short, the BSI is saying that not everyone was informed and that the information was not complete and sufficient. ======= Interesting is also the difference between the German and Dutch advice with respect to allready planned video meetings. For that see article in Dutch on 10 June at: https://www.security.nl/posting/845... Webex-lek: communicatietools geliefd doelwit This part in Dutch: So, in short, the Dutch say: cancel all video meetings made before 4 June, while the Germans say: use the date 28 May. Which rizes the question whether the German and Dutch governments actually speak to eachother and inform eachother ...
