Security News
A supplemental notice published by Cisco Talos, the company's threat intelligence arm, revealed further details about the attack. In its investigation, Cisco Talos found that an employee's credentials were compromised after the attacker took control of a personal Google account in which the individual's credentials were stored and synchronized.
"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10.
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. According to Talos analysts, the attackers started by gaining control of a Cisco employee's personal Google account.
Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee's Google account. "During the investigation, it was determined that a Cisco employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser were being synchronized," wrote Cisco Talos in a lengthy breakdown of the attack.
Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised - an act a ransomware gang named "Yanluowang" has now claimed as its work. A Cisco statement asserts the company "did not identify any impact to [its] business as a result of this incident, including Cisco products or services, sensitive customer data or sensitive employee information, intellectual property, or supply chain operations."
Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. Last week, the threat actor behind the Cisco attack emailed BleepingComputer a directory listing of files allegedly stolen during the attack.
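The items above all describe the same initial-access path: corporate credentials saved in the browser's password manager and synchronized to a personal Google account, so that compromising the personal account yields the VPN credentials. The following is an added example, not Cisco's or Talos' code, of auditing a Chrome/Chromium managed-policy file for that path and producing a hardened policy. It assumes the documented Chrome enterprise policy names PasswordManagerEnabled, SyncDisabled, SyncTypesListDisabled, BrowserSignin and RestrictSigninToPattern with their documented meanings; the policy files it inspects are constructed samples, not from any real deployment.

```python
"""Audit Chrome managed policy for 'saved passwords can sync to a personal Google
account'.  Added example; policy names are the documented Chrome enterprise
policies (assumption: their semantics are as commented below)."""
import json
import re

# Constructed sample: a policy file that only pins the homepage and leaves the
# password manager, sync and sign-in at their permissive defaults.
WEAK_POLICY_JSON = '{"HomepageLocation": "https://intranet.example.com"}'

# Constructed sample: the same file with the credential-sync path closed.
HARDENED_POLICY_JSON = json.dumps({
    "HomepageLocation": "https://intranet.example.com",
    "PasswordManagerEnabled": False,          # browser stores no passwords
    "SyncTypesListDisabled": ["passwords"],   # even if sync runs, not passwords
    "RestrictSigninToPattern": r".*@example\.com",  # only corporate accounts
})

# Any consumer address serves as a probe for "is a personal account allowed".
PERSONAL_PROBE = "someone@gmail.com"


def load_policy(text: str) -> dict:
    """Parse a managed-policy JSON file (the form used under /etc/opt/chrome)."""
    return json.loads(text)


def personal_signin_allowed(policy: dict) -> bool:
    """True if a non-corporate Google account can be signed into the browser.
    BrowserSignin: 0 = disabled, 1 = enabled (default), 2 = forced.
    RestrictSigninToPattern: regex the signed-in account must fully match."""
    if policy.get("BrowserSignin", 1) == 0:
        return False
    pattern = policy.get("RestrictSigninToPattern")
    if not pattern:
        return True
    return re.fullmatch(pattern, PERSONAL_PROBE, re.IGNORECASE) is not None


def password_sync_findings(policy: dict) -> list[str]:
    """One finding per condition that is still open; all three together form
    the path described in the breach write-ups."""
    findings = []
    if policy.get("PasswordManagerEnabled", True):
        findings.append("PasswordManagerEnabled (default true): browser saves passwords")
    sync_off = policy.get("SyncDisabled", False)
    passwords_excluded = "passwords" in policy.get("SyncTypesListDisabled", [])
    if not sync_off and not passwords_excluded:
        findings.append("password sync allowed: set SyncDisabled or SyncTypesListDisabled")
    if personal_signin_allowed(policy):
        findings.append("personal Google account sign-in allowed: set BrowserSignin "
                        "or RestrictSigninToPattern")
    return findings


def allows_personal_password_sync(policy: dict) -> bool:
    """The exposure exists only when every condition holds at once."""
    return len(password_sync_findings(policy)) == 3


def harden(policy: dict, corp_domain: str) -> dict:
    """Return a copy of the policy with the sync path closed for corp_domain."""
    fixed = dict(policy)
    fixed["PasswordManagerEnabled"] = False
    disabled = list(policy.get("SyncTypesListDisabled", []))
    if "passwords" not in disabled:
        disabled.append("passwords")
    fixed["SyncTypesListDisabled"] = disabled
    fixed["RestrictSigninToPattern"] = r".*@" + re.escape(corp_domain)
    return fixed


if __name__ == "__main__":
    weak = load_policy(WEAK_POLICY_JSON)
    for line in password_sync_findings(weak):
        print("FINDING:", line)
    print(json.dumps(harden(weak, "example.com"), indent=2))
```

Disabling the browser password manager outright is the decisive control; the sync and sign-in policies are defence in depth for fleets that keep it on. The same check applies to a Chrome policy exported from Windows registry or macOS profiles once it is converted to the JSON shape above.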
Tracked as CVE-2022-20866, this security flaw is due to a weakness in the handling of RSA keys on Cisco ASA and FTD devices. If successfully exploited, it can let an unauthenticated, remote attacker retrieve an RSA private key, which could then be used to decrypt device traffic or impersonate Cisco ASA/FTD devices.
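The summary above says only that the weakness lies in how the devices handle RSA keys, not which step is at fault, and nothing below should be read as a description of the ASA/FTD bug. As an added example (not Cisco's code) of the general property that makes RSA key handling on a network device so unforgiving, the block shows an RSA signature computed with the Chinese Remainder Theorem, the self-check that verifies every signature against the public key before it leaves the device, and why that check matters: a CRT signature that is wrong in one half and released unverified gives away a prime factor of the modulus. The key is a constructed toy (two well-known 30-bit primes) so the code runs instantly; a real device would use 2048-bit keys with the same arithmetic.

```python
"""RSA-CRT signing with a verify-before-release check, and the factor leak that
the check prevents.  Added example with a constructed toy key; not the ASA/FTD
implementation and not a claim about the mechanism of CVE-2022-20866."""
from math import gcd

# Constructed toy key: two known primes, e = 65537 (coprime to phi here).
P = 1_000_000_007
Q = 998_244_353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# CRT private parameters, as a device would precompute and store them.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)

M = 123_456_789  # constructed message representative, must be < N


def verify(sig: int, m: int) -> bool:
    """Public-key check: sig^e == m (mod N)."""
    return pow(sig, E, N) == m


def crt_sign(m: int, fault_q_half: bool = False) -> int:
    """Sign with CRT.  fault_q_half=True models a corrupted q-side exponentiation
    (the kind of single wrong intermediate a fault or bug can introduce)."""
    s1 = pow(m, DP, P)          # m^d mod p
    s2 = pow(m, DQ, Q)          # m^d mod q
    if fault_q_half:
        s2 = (s2 + 1) % Q       # one wrong half, the other still correct
    h = (QINV * (s1 - s2)) % P  # Garner recombination
    return (s2 + h * Q) % N


def sign_checked(m: int, fault_q_half: bool = False):
    """What a careful implementation does: never release a signature that does
    not verify under the public key.  Returns None instead of a bad signature."""
    sig = crt_sign(m, fault_q_half)
    return sig if verify(sig, m) else None


def recover_factor(bad_sig: int, m: int) -> int:
    """Given one unverified faulty CRT signature, gcd(bad^e - m, N) is the prime
    whose half was computed correctly (here p)."""
    return gcd(pow(bad_sig, E, N) - m, N)


if __name__ == "__main__":
    good = crt_sign(M)
    print("good signature verifies:", verify(good, M))
    bad = crt_sign(M, fault_q_half=True)
    print("faulty signature verifies:", verify(bad, M))
    print("checked signer releases faulty signature:", sign_checked(M, True) is not None)
    print("factor recovered from released faulty signature:", recover_factor(bad, M) == P)
```

The signing cost of the check is one public-exponent exponentiation, negligible next to the private one; the cost of omitting it is the private key. The gcd step is the textbook Boneh-DeMillo-Lipton / Lenstra observation about CRT faults in general, included here to show what the check protects against, not as a statement about the Cisco flaw.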
Cisco has revealed four of its small business router ranges have critical flaws - for the second time in 2022 alone. A Wednesday advisory warns owners of the RV160, RV260, RV340, and RV345 Series Routers that the vulnerabilities could allow "an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service condition on an affected device."
Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain remote code execution or cause a denial-of-service condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers.
Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers that enable unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service conditions on vulnerable devices. Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers "to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition," the company explains.