Security News

Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense that is actively exploited by ransomware operations to gain initial access to corporate networks. The medium severity zero-day vulnerability impacts the VPN feature of Cisco ASA and Cisco FTD, allowing unauthorized remote attackers to conduct brute force attacks against existing accounts.

It's described as an authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. "If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system."

A vulnerability in Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. An unauthenticated, remote attacker to conduct a brute force attack to identify valid username and password combinations that can be used to establish an unauthorized remote access VPN session, or.

A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two mentioned components are used for app management and integration.

Since March 2023, affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. "In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default passwords; in others, the activity we've observed appears to be the result of targeted brute-force attacks on ASA appliances where multi-factor authentication was either not enabled or was not enforced for all users," Rapid7 researchers said on Tuesday.

Hackers are targeting Cisco Adaptive Security Appliance SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication. Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access.

The Cisco Talos report exposes new malware used by the group to target Internet backbone infrastructure and healthcare organizations in the U.K. and the U.S. Two reports from cybersecurity company Cisco Talos provide intelligence about a new attack campaign from the North Korean threat actor Lazarus. The researchers observed the Lazarus group successfully compromise an internet backbone infrastructure provider in the U.K. in early 2023, deploying a new malware dubbed QuiteRAT. The initial compromise was done via exploitation of the CVE-2022-47966 vulnerability, which affects Zoho's ManageEngine ServiceDesk.

There's mounting evidence that Akira ransomware targets Cisco VPN products as an attack vector to breach corporate networks, steal, and eventually encrypt data. Akira ransomware is a relatively new ransomware operation launched in March 2023, with the group later adding a Linux encryptor to target VMware ESXi virtual machines.

In alliance with Cohesity and others, Cisco is fueling near-zero latency between ransomware detection and remediation with its Extended Detection and Response platform. Remediation is a capability that Cisco has added to its XDR platform, which the company announced at the RSA conference in April and launched for general availability globally on Tuesday.

The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected...