Security News > 2021 > August > Hackers can bypass Cisco security products in data theft attacks

Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks.
The threat actors can exploit a vulnerability in the Server Name Indication (SNI) request filtering impacting 3000 Series Industrial Security Appliances, Firepower Threat Defense, and Web Security Appliance products.
The Cisco Product Security Incident Response Team is not aware of attackers or malware exploiting this security flaw in the wild.
SNIcat is a stealthy exfiltration method discovered by mnemonic Labs security researchers that bypasses security perimeter solutions and TLS inspection devices via TLS Client Hello packets.
"By using our exfiltration method SNIcat, we found that we can bypass a security solution performing TLS inspection, even when the Command & Control domain we use is blocked by common reputation and threat prevention features built into the security solutions themselves," the researchers said.
"Cisco is investigating its product line to determine which products may be affected by this vulnerability," Cisco added.