Security News

Hacking campaign bruteforces Cisco VPNs to breach networks
2023-08-30 16:00

Hackers are targeting Cisco Adaptive Security Appliance SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication. Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access.

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses
2023-08-25 22:04

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S. Two reports from cybersecurity company Cisco Talos provide intelligence about a new attack campaign from the North Korean threat actor Lazarus. The researchers observed the Lazarus group successfully compromise an internet backbone infrastructure provider in the U.K. in early 2023, deploying a new malware dubbed QuiteRAT. The initial compromise was done via exploitation of the CVE-2022-47966 vulnerability, which affects Zoho's ManageEngine ServiceDesk.

Akira ransomware targets Cisco VPNs to breach organizations
2023-08-22 13:00

There's mounting evidence that Akira ransomware targets Cisco VPN products as an attack vector to breach corporate networks, steal, and eventually encrypt data. Akira ransomware is a relatively new ransomware operation launched in March 2023, with the group later adding a Linux encryptor to target VMware ESXi virtual machines.

Cisco announces general availability of XDR platform
2023-08-03 17:21

In alliance with Cohesity and others, Cisco is fueling near-zero latency between ransomware detection and remediation with its Extended Detection and Response platform. Remediation is a capability that Cisco has added to its XDR platform, which the company announced at the RSA conference in April and launched for general availability globally on Tuesday.

Cisco SD-WAN vManage impacted by unauthenticated REST API access
2023-07-13 21:53

The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected...

Cisco Talos Reports Microsoft Windows Policy Loophole Being Exploited by Threat Actor
2023-07-11 19:09

Learn how a malicious driver exploits a loophole in the Windows operating system to run at kernel level. Cisco Talos discovered a new Microsoft Windows policy loophole that allows a threat actor to sign malicious kernel-mode drivers executed by the operating system.

Cisco warns of bug that lets attackers break traffic encryption
2023-07-06 10:35

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic. Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches.

PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178)
2023-06-23 12:58

Proof-of-concept exploit code for the high-severity vulnerability in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. Cisco Secure Client Software - previously known as Cisco AnyConnect Secure Mobility Client - is unified endpoint security software designed to assist businesses in expanding their network access capabilities and enabling remote employees to connect via both wired and wireless connections, including VPN. In early June, Cisco published a security advisory about CVE-2023-20178, a vulnerability in the client update process of both Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows.

Exploit released for Cisco AnyConnect bug giving SYSTEM privileges
2023-06-21 21:49

Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows that can let attackers elevate privileges to SYSTEM. Cisco Secure Client helps employees to work from anywhere using a secure Virtual Private Network and provides network admins with telemetry and endpoint management features. Cisco released security updates to address this security bug last Tuesday when it said its Product Security Incident Response Team did not have evidence of malicious use or public exploit code targeting the bug in the wild.

Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users
2023-06-16 16:56

The Windows 11 22H2 KB5027231 cumulative update released during this month's Patch Tuesday also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions. As BleepingComputer reported on Wednesday, Windows admins and users report having issues launching the web browser after installing the KB5027231 Windows 11 updates.