Security News

On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues. Cisco announced yesterday its intention to acquire Splunk, a renowned name in data observability and security, in a deal valued at approximately $28 billion.

Cisco is making its most expensive acquisition ever - by far - with an announcement it's buying data crunching software firm Splunk for $157 per share, or approximately $28 billion. The transaction, which Cisco said it expects to close in calendar Q3 of 2024, was already unanimously approved by the boards of both companies, and once completed will see Splunk CEO Gary Steele join Cisco's exec team as a direct report to Cisco CEO Chuck Robbins.

Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users to websites that distribute the BatLoader malware. Malwarebytes reports that a malicious Google ad impersonates the official Webex download portal, ranking at the highest position in Google Search results for the "Webex" term.

A new study by Cisco Investments with venture capital firms finds that most CISOs find complexity of tools, number of solutions and users, and even jargon a barrier to zero trust. The guide, which explored the cybersecurity market around identity management, data protection, software supply chain integrity and cloud migration, resulted from interviews with Cisco customers, chief information security officers, innovators, startup founders and other experts.

Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense that is actively exploited by ransomware operations to gain initial access to corporate networks. The medium severity zero-day vulnerability impacts the VPN feature of Cisco ASA and Cisco FTD, allowing unauthorized remote attackers to conduct brute force attacks against existing accounts.

It's described as an authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. "If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system."

A vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. An unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations that can be used to establish an unauthorized remote access VPN session, or.

A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two mentioned components are used for app management and integration.

Since March 2023, affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. "In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we've observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication was either not enabled or was not enforced for all users," Rapid7 researchers said on Tuesday.

Hackers are targeting Cisco Adaptive Security Appliance SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication. Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access.