Hackers can bypass Cisco security products in data theft attacks (August 2021)
Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks.
The threat actors can exploit a vulnerability in the Server Name Indication (SNI) request filtering that impacts 3000 Series Industrial Security Appliances, Firepower Threat Defense, and Web Security Appliance products.
The Cisco Product Security Incident Response Team is not aware of attackers or malware exploiting this security flaw in the wild.
SNIcat is a stealthy exfiltration method discovered by mnemonic Labs security researchers that bypasses security perimeter solutions and TLS inspection devices via TLS Client Hello packets.
"By using our exfiltration method SNIcat, we found that we can bypass a security solution performing TLS inspection, even when the Command & Control domain we use is blocked by common reputation and threat prevention features built into the security solutions themselves," the researchers said.
"Cisco is investigating its product line to determine which products may be affected by this vulnerability," Cisco added.