Security News

Hackers backdoored Cisco ASA devices via two zero-daysA state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday. How to optimize your bug bounty programsIn this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers.

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed...

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday."On a compromised ASA, the attackers submit shellcode via the host-scan-reply field, which is then parsed by the Line Dancer implant. The host-scan-reply field, typically used in later parts of the SSL VPN session establishment process, is processed by ASA devices configured for SSL VPN, IPsec IKEv2 VPN with 'client-services' or HTTPS management access," the researchers explained.

Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance and Firepower Threat Defense firewalls since November 2023 to breach government networks worldwide. The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor.

AI's newfound accessibility will cause a surge in prompt hacking attempts and private GPT models used for nefarious purposes, a new report revealed. Experts at the cyber security company Radware forecast the impact that AI will have on the threat landscape in the 2024 Global Threat Analysis Report.

A vulnerability in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. According to Censys, there are currently 9,600+ publicly-exposed CrushFTP hosts, mostly in North America and Europe.

MITRE has been breached by attackers via two zero-day vulnerabilities in Ivanti's Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network's VMware infrastructure, MITRE confirmed late last week.

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the...

CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately. The company also warned customers with servers still running CrushFTP v9 to immediately upgrade to v11 or update their instance via the dashboard.

The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. The incident was discovered after suspicious activity was detected on MITRE's Networked Experimentation, Research, and Virtualization Environment, an unclassified collaborative network used for research and development.