Security News
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the...
We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware. More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default.
Cisco's executive veep for security Jeetu Patel has predicted that AI will change the infosec landscape, but that end users will eventually pay for the privilege of having a binary brainbox by their side when they go into battle. Speaking at the Asia Pacific incarnation of the Cisco Live event today, in Melbourne, Australia, Patel offered the infosec maxim that attackers only need to get it right once, but defenders need to get it right every time.
Criminal IP, a prominent Cyber Threat Intelligence search engine developed by AI SPERA, has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors by providing a comprehensive solution for threat intelligence and risk assessment. Cisco is a global leader in technology that delivers innovative software-defined networking, cloud, and security solutions, including secure access, vulnerability management, network segmentation, and threat response.
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but thousands of systems continue to be compromised, internet scans show.
Cisco has patched two zero-day vulnerabilities that exposed Cisco IOS XE system software hosts to attackers. These vulnerabilities affected devices running the Cisco IOS XE software, such as routers and switches.
The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so as to escape visibility via previous fingerprinting...
After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. The flaw in the networking giant's IOS XE software, which allowed criminals to hijack thousands of Cisco switches and routers, first came to light last Monday.
Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. Both vulnerabilities, which Cisco tracks as CSCwh87343, are in the web UI of Cisco devices running the IOS XE software.
Cisco has released the first fixes for the IOS XE zero-day exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity companies and organizations have noticed a drastic reduction in the number of internet-facing Cisco devices that saddled with the implant.