Hackers can bypass Cisco security products in data theft attacks (Security News, August 2021)
Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks.
The threat actors can exploit a vulnerability in the Server Name Indication (SNI) request filtering that affects 3000 Series Industrial Security Appliances, Firepower Threat Defense, and Web Security Appliance products.
The Cisco Product Security Incident Response Team is not aware of attackers or malware exploiting this security flaw in the wild.
SNIcat is a stealthy exfiltration method discovered by mnemonic Labs security researchers that bypasses security perimeter solutions and TLS inspection devices via TLS Client Hello packets.
"By using our exfiltration method SNIcat, we found that we can bypass a security solution performing TLS inspection, even when the Command & Control domain we use is blocked by common reputation and threat prevention features built into the security solutions themselves," the researchers said.
"Cisco is investigating its product line to determine which products may be affected by this vulnerability," Cisco added.