Security News

US and Japan warn of Chinese hackers backdooring Cisco routers
2023-09-27 15:51

US and Japanese law enforcement and cybersecurity agencies warn that the Chinese 'BlackTech' hackers are breaching network devices to install custom backdoors for access to corporate networks. The FBI notice warns that the BlackTech hackers use custom, regularly updated malware to backdoor network devices, which they then use for persistence, for initial access to networks, and to steal data by redirecting traffic to attacker-controlled servers.

Cisco to Acquire Splunk for $28 Billion, Accelerating AI-Enabled Security and Observability
2023-09-22 22:45

On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues. Cisco announced yesterday its intention to acquire Splunk, a renowned name in data observability and security, in a deal valued at approximately $28 billion.

Cisco spends $28B on data cruncher Splunk in cybersecurity push
2023-09-21 14:55

Cisco is making its most expensive acquisition ever - by far - with an announcement it's buying data crunching software firm Splunk for $157 per share, or approximately $28 billion. The transaction, which Cisco said it expects to close in calendar Q3 of 2024, was already unanimously approved by the boards of both companies, and once completed will see Splunk CEO Gary Steele join Cisco's exec team as a direct report to Cisco CEO Chuck Robbins.

Fake Cisco Webex Google Ads abuse tracking templates to push malware
2023-09-14 13:47

Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware. Malwarebytes reports that a malicious Google ad impersonates the official Webex download portal, ranking at the highest position in Google Search results for the "Webex" term.

Cisco: Booming identity market driven by leadership awareness
2023-09-08 18:14

A new study by Cisco Investments with venture capital firms finds that most CISOs consider the complexity of tools, the number of solutions and users, and even jargon a barrier to zero trust. The guide, which explored the cybersecurity market around identity management, data protection, software supply chain integrity and cloud migration, resulted from interviews with Cisco customers, chief information security officers, innovators, startup founders and other experts.

Cisco warns of VPN zero-day exploited by ransomware gangs
2023-09-08 13:32

Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense that is actively exploited by ransomware operations to gain initial access to corporate networks. The medium severity zero-day vulnerability impacts the VPN feature of Cisco ASA and Cisco FTD, allowing unauthorized remote attackers to conduct brute force attacks against existing accounts.

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform
2023-09-08 11:26

The bug is described as an authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. "If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system."

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
2023-09-08 11:00

A vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. It allows an unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations that can be used to establish an unauthorized remote access VPN session, or.

Cisco BroadWorks impacted by critical authentication bypass flaw
2023-09-07 20:10

A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two mentioned components are used for app management and integration.

Cisco VPNs with no MFA enabled hit by ransomware groups
2023-08-31 11:34

Since March 2023, affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. "In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we've observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication was either not enabled or was not enforced for all users," Rapid7 researchers said on Tuesday.