Security News
A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday."On a compromised ASA, the attackers submit shellcode via the host-scan-reply field, which is then parsed by the Line Dancer implant. The host-scan-reply field, typically used in later parts of the SSL VPN session establishment process, is processed by ASA devices configured for SSL VPN, IPsec IKEv2 VPN with 'client-services' or HTTPS management access," the researchers explained.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)...
Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. "But the problem is nobody has complete visibility of what exploits actually exist," he added, and advised admins to upgrade to the latest ASA release on all devices that have the AnyConnect SSL VPN feature enabled on the device's interface.
A vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. An unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations that can be used to establish an unauthorized remote access VPN session, or.
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances.The issue, assigned the identifier CVE-2022-20866, has been described as a "Logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software.
Tracked as CVE-2022-20866, this security flaw is due to a weakness in handling RSA keys on ASA and FTD devices. If successfully exploited, it can let unauthenticated attackers retrieve an RSA private key remotely, which they can use to decrypt the device traffic or impersonate Cisco ASA/FTD devices.
Cisco on Thursday released patches for a high severity vulnerability in the Adaptive Security Appliance and Firepower Threat Defense software, warning that exploitation could lead to crippling denial-of-service attacks. In an advisory that carries a 'high-severity' rating, Cisco said the software cryptography module of both ASA and FTD software is affected by a vulnerability exploitable by either a remote authenticated attacker or an unauthenticated attacker in a man-in-the-middle position.
A security vulnerability in Cisco Adaptive Security Appliance that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug.
Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter. This Cisco ASA vulnerability is cross-site scripting vulnerability that is tracked as CVE-2020-3580.
Researchers at Positive Technologies published the PoC for the bug on Thursday. Real-World Attacks for Cisco ASA. The Cisco ASA is a cybersecurity perimeter-defense appliance that combines firewall, antivirus, intrusion prevention and virtual private network capabilities, all meant to stop threats from making it onto corporate networks.