The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks.
The vulnerability in question is CVE-2020-
An unnamed Islamic non-profit organization in Saudi Arabia has been targeted as part of a stealthy cyber espionage campaign designed to drop a previously undocumented backdoor called Zardoor.
Cisco Talos, which discovered the activity in May 2023, said the campaign has likely persisted since at least March 2021, adding it has identified only one compromised target to date, although it's
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device.
Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system.
Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks.
The findings come from Cisco Talos, which has recorded an increase in activity carried out by the cybercriminals.
“Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan," security researcher Guilherme Venere said in an
The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting methods.
"Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group's Fox-IT team said. "Thus, for a lot of devices
Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices.
Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 (CVSS score: 10.0) as part of an exploit chain.
"The
Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that’s under active exploitation in the wild.
Rooted in the web UI feature, the zero-day vulnerability is tracked as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system.
It’s worth pointing out that the shortcoming only affects enterprise networking gear that have the
Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials.
The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static user credentials for the root account that the company said is usually reserved for use during
Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop.
"HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021.
"The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses
Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition.
The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks
An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023.
Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin.
"The threat actor uses an uncommon technique to deliver the ransom note," security
A Microsoft Windows policy loophole has been observed being exploited primarily by native Chinese-speaking threat actors to forge signatures on kernel-mode drivers.
"Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates," Cisco Talos said in an exhaustive two-part report shared
Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox).
Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android.
The spyware, which is delivered by means
Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition.
"These vulnerabilities are due to improper validation of requests that are sent to the web interface," Cisco said, crediting an unnamed external researcher for
Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices.
The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for reporting the shortcoming.
The product in question makes it possible
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems.
The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets.
The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian victims
The threat actor behind the information-stealing malware known as Typhon Reborn has resurfaced with an updated version (V2) that packs in improved capabilities to evade detection and resist analysis.
The new version is offered for sale on the criminal underground for $59 per month, $360 per year, or alternatively, for $540 for a lifetime subscription.
"The stealer can harvest and exfiltrate
A previously undocumented threat actor dubbed YoroTrooper has been targeting government, energy, and international organizations across Europe as part of a cyber espionage campaign that has been active since at least June 2022.
"Information stolen from successful compromises include credentials from multiple applications, browser histories and cookies, system information and screenshots," Cisco
Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit.
The issues are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious
Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition.
The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee.
"Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery
Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows.
Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.
By Ravie Lakshmanan — September 30th 2022 at 10:20
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts.
"The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday.
"The beacon configuration contains
Cisco on Wednesday rolled out patches to address three security flaws affecting its products, including a high-severity weakness disclosed in NVIDIA Data Plane Development Kit (MLNX_DPDK) late last month.
Tracked as CVE-2022-28199 (CVSS score: 8.6), the vulnerability stems from a lack of proper error handling in DPDK's network stack, enabling a remote adversary to trigger a denial-of-service (
The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022.
Cybersecurity firm eSentire, which disclosed the findings, raised the possibility that the intrusions could be the work of a criminal actor known as mx1r, who is said to be a member of
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.
The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser.
"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up.
Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices.
The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8)
A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found.
The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network.
"This access could be
Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems.
Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity.
The most severe of the issues are CVE-2022-20857, CVE-2022-20858,
The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021.
"This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News.
Login
FreshRSS