Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cisco. Show all posts
VPN attack
Cisco cyber attack State Sponsored Hackers VPN attack

China-linked Hackers Exploit Critical Cisco Zero-day as VPN Attacks Surge

 

A China linked advanced persistent threat has been exploiting a previously unknown vulnerability in Cisco email security appliances, while a separate wave of large scale brute force attacks has targeted virtual private networks from Cisco and Palo Alto Networks, security researchers said. 

Cisco said on Wednesday it had identified a threat group it tracks as UAT 9686 that has been abusing a critical zero day flaw in appliances running its AsyncOS software. The vulnerability, tracked as CVE 2025 20393, carries a maximum severity score of 10 and remains unpatched. 

AsyncOS powers Cisco Secure Email Gateway and Secure Email and Web Manager products, which are used to protect organisations from spam and malware and to centrally manage email security systems. The flaw affects systems where the Spam Quarantine feature is enabled and accessible from the internet. 

Under those conditions, attackers can bypass normal controls, gain root level access and run arbitrary commands on the appliance and potentially connected systems. Cisco said the activity dates back to at least late November. 

According to Cisco Talos, UAT 9686 used the vulnerability to deploy multiple tools after gaining access, including the open source tunnelling utility Chisel and a custom malware family known as Aqua. 

The main backdoor, AquaShell, is a lightweight Python implant that is delivered as encoded data and hidden within existing system files. It is accompanied by tools designed to erase logs and maintain persistent remote access through encrypted connections. 

Talos said the group’s infrastructure and techniques overlap with known Chinese cyber espionage actors such as APT41 and UNC5174. Cisco said it has advised customers to disable internet access to the Spam Quarantine feature as a temporary measure and is working on a permanent fix. 

Separately, researchers observed a sharp spike in brute force attacks against VPN services shortly after Cisco detected the email security campaign.

GreyNoise said that within a 16 hour window, more than 10,000 unique IP addresses generated about 1.7 million authentication attempts against Palo Alto Networks GlobalProtect VPNs. 

The activity largely targeted organisations in the United States, Mexico and Pakistan. The following day, similar attacks shifted to Cisco VPN endpoints, with a significant rise in automated login attempts. 

The campaign relied on standard SSL VPN login flows and appeared aimed at identifying weak or reused credentials. The activity stopped as abruptly as it began. GreyNoise said such short lived, high volume attacks are often used to quickly map exposed systems before defenders can respond. 

The firm advised organisations to review edge device security, enforce strong passwords and enable multifactor authentication, noting that operational complexity and fear of disruption often delay such measures despite their importance.
Read more »
zero Day vulnerability
Cisco Cyber Security Data Theft Pornhub United States zero Day vulnerability

This Week in Cybersecurity: User Data Theft, AI-Driven Fraud, and System Vulnerabilities

 



This week surfaced several developments that accentuate how cyber threats continue to affect individuals, corporations, and governments across the globe.

In the United States, federal records indicate that Customs and Border Protection is expanding its use of small surveillance drones, shifting from limited testing to routine deployment. These unmanned systems are expected to significantly widen the agency’s monitoring capabilities, with some operations extending beyond physical U.S. borders. At the same time, Immigration and Customs Enforcement is preparing to roll out a new cybersecurity contract that would increase digital monitoring of its workforce. This move aligns with broader government efforts to tighten internal controls amid growing concerns about leaks and internal opposition.

On the criminal front, a major data extortion case has emerged involving user records linked to PornHub, one of the world’s most visited adult platforms. A hacking group associated with a broader online collective claims to have obtained hundreds of millions of data entries tied to paid users. The stolen material reportedly includes account-linked browsing activity and email addresses. The company has stated that the data appears to originate from a third-party analytics service it previously relied on, meaning the exposed records may be several years old. While sensitive financial credentials were not reported as part of the breach, the attackers have allegedly attempted to pressure the company through extortion demands, raising concerns about how behavioral data can be weaponized even years after collection.

Geopolitical tensions also spilled into cyberspace this week. Venezuela’s state oil firm reported a cyber incident affecting its administrative systems, occurring shortly after U.S. authorities seized an oil tanker carrying Venezuelan crude. Officials in Caracas accused Washington of being behind the intrusion, framing it as part of a broader campaign targeting the country’s energy sector. Although the company said oil production continued, external reporting suggests that internal systems were temporarily disabled and shipping operations were disrupted. The U.S. government has not publicly accepted responsibility, and no independently verified technical evidence has been released.

In enterprise security, Cisco disclosed an actively exploited zero-day vulnerability affecting certain email security products used by organizations worldwide. Researchers confirmed that attackers had been abusing the flaw for weeks before public disclosure. The weakness exists within a specific email filtering feature and can allow unauthorized access under certain configurations. Cisco has not yet issued a patch but has advised customers to disable affected components as a temporary safeguard while remediation efforts continue.

Separately, two employees from cybersecurity firms admitted guilt in a ransomware operation, highlighting insider risk within the security industry itself. Court records show that the individuals used their professional expertise to carry out extortion attacks, including one case that resulted in a seven-figure ransom payment.

Together, these incidents reflect the expanding scope of cyber risk, spanning personal data privacy, national infrastructure, corporate security, and insider threats. Staying informed, verifying claims, and maintaining updated defenses remain essential in an increasingly complex digital environment.


Read more »
Zero Trust
ai agents Cisco Technology Zero Trust

Cisco Introduces New Tools to Protect Networks from Rogue AI Agents

 



As artificial intelligence (AI) becomes more advanced, it also creates new risks for cybersecurity. AI agents—programs that can make decisions and act on their own—are now being used in harmful ways. Some are launched by cybercriminals or even unhappy employees, while others may simply malfunction and cause damage. Cisco, a well-known technology company, has introduced new security solutions aimed at stopping these unpredictable AI agents before they can cause serious harm inside company networks.


The Growing Threat of AI in Cybersecurity

Traditional cybersecurity methods, such as firewalls and access controls, were originally designed to block viruses and unauthorized users. However, these defenses may not be strong enough to deal with intelligent AI agents that can move within networks, find weak spots, and spread quickly. Attackers now have the ability to launch AI-powered threats that are faster, more complex, and cheaper to operate. This creates a huge challenge for cybersecurity teams who are already stretched thin.


Cisco’s Zero Trust Approach

To address this, Cisco is focusing on a security method called Zero Trust. The basic idea behind Zero Trust is that no one and nothing inside a network should be automatically trusted. Every user, device, and application must be verified every time they try to access something new. Imagine a house where every room has its own lock, and just because you entered one room doesn't mean you can walk freely into the next. This layered security helps block the movement of malicious AI agents.

Cisco’s Universal Zero Trust Network Access (ZTNA) applies this approach across the entire network. It covers everything from employee devices to Internet of Things (IoT) gadgets that are often less secure. Cisco’s system also uses AI-powered insights to monitor activity and quickly detect anything unusual.


Building Stronger Defenses

Cisco is also introducing a Hybrid Mesh Firewall, which is not just a single device but a network-wide security system. It is designed to protect companies across different environments, whether their data is stored on-site or in the cloud.

To make identity checks easier and more reliable, Cisco is updating its Duo Identity and Access Management (IAM) service. This tool will help confirm that the right people and devices are accessing the right resources, with features like passwordless logins and location-based verification. Cisco has been improving this service since acquiring Duo Security in 2018.


New Firewalls for High-Speed Data

In addition to its Zero Trust solutions, Cisco is launching two new firewall models: the Secure Firewall 6100 Series and the Secure Firewall 200 Series. These firewalls are built for modern data centers that handle large amounts of information, especially those using AI. The 6100 series, for example, can process high-speed data traffic while taking up minimal physical space.

Cisco’s latest security solutions are designed to help organizations stay ahead in the fight against rapidly evolving AI-powered threats.

Read more »
Exploitation
backdoor vulnerability Cisco Cisco Security CVE exploits CVE vulnerability Cyber Security Exploitation

Cisco CVE-2024-20439: Exploitation Attempts Target Smart Licensing Utility Backdoor

 

A critical vulnerability tracked as CVE-2024-20439 has placed Cisco’s Smart Licensing Utility (CSLU) in the spotlight after cybersecurity researchers observed active exploitation attempts. The flaw, which involves an undocumented static administrative credential, could allow unauthenticated attackers to remotely access affected systems. While it’s still unclear whether the vulnerability has been weaponized in ransomware attacks, security experts have noted suspicious botnet activity linked to it since early January, with a significant surge in mid-March. 

The vulnerability, according to Cisco, cannot be exploited unless the CSLU is actively running—a saving grace for systems not using the utility frequently. However, many organizations rely on the CSLU to manage licenses for Cisco products without requiring constant connectivity to Cisco’s cloud-based Smart Software Manager. This increases the risk of exposure for unpatched systems. Johannes Ullrich, Dean of Research at the SANS Technology Institute, highlighted that the vulnerability effectively acts as a backdoor. 

In fact, he noted that Cisco has a history of embedding static credentials in several of its products. Ullrich’s observation aligns with earlier research by Nicholas Starke, who published a detailed technical analysis of the flaw, including the decoded hardcoded password, just weeks after Cisco issued its patch. This disclosure made it easier for potential attackers to identify and exploit vulnerable systems. In addition to CVE-2024-20439, Cisco addressed another critical flaw, CVE-2024-20440, which allows unauthenticated attackers to extract sensitive data from exposed devices, including API credentials. 

This vulnerability also affects the CSLU and can be exploited by sending specially crafted HTTP requests to a target system. Like the first flaw, it is only active when the CSLU application is running. Researchers have now detected attackers chaining both vulnerabilities to maximize impact. According to Ullrich, scans and probes originating from a small botnet are testing for exposure to these flaws. Although Cisco’s Product Security Incident Response Team (PSIRT) maintains that there’s no confirmed evidence of these flaws being exploited in the wild, the published credentials and recent scan activity suggest otherwise. 

These types of vulnerabilities raise larger concerns about the use of hardcoded credentials in critical infrastructure. Cisco has faced similar issues in the past with other software products, including IOS XE, DNA Center, and Emergency Responder. 

As always, the best defense is prompt patching. Cisco released security updates in September to address both flaws, and organizations running CSLU should immediately apply them. Additionally, any instance of the CSLU running unnecessarily should be disabled to reduce the attack surface. With exploit attempts on the rise and technical details now public, delaying mitigation could have serious consequences.
Read more »
Software
Cisco Cyber Security Hackers Software

Cisco Warns of Critical Security Flaw in IOS XR Software – Immediate Update Recommended




Cisco has issued a security warning about a newly identified vulnerability in its IOS XR Software. This security flaw, labeled CVE-2025-20138, has been rated 8.8 on the CVSS scale, meaning it poses a major risk to affected devices.


What Is the Problem?

The issue is found in the Command Line Interface (CLI) of Cisco’s IOS XR Software. If an attacker gains access to a system with limited user privileges, they can exploit this weakness to execute commands with the highest level of control. This would allow them to make major modifications to the system, potentially leading to severe security threats.

The root of the problem is improper validation of user inputs in certain CLI commands. Because the system does not correctly filter these inputs, attackers can manipulate it using carefully crafted commands. If successful, they can obtain full administrative access, giving them total control over the device.


Who Is Affected?

This vulnerability affects all configurations of Cisco IOS XR 64-bit Software. Users should check Cisco’s official security advisory to confirm if their specific version is vulnerable.

However, some Cisco software versions are confirmed to be unaffected, including:

IOS Software

IOS XE Software

IOS XR 32-bit Software

NX-OS Software

No Quick Fixes—Users Must Update Their Software

Cisco has stated that there are no temporary solutions or workarounds for this security flaw. The only way to protect affected systems is to install the latest software updates provided by Cisco.

The company has outlined which versions require updates:

1. Users running Cisco IOS XR Software Release 24.1 or earlier need to switch to a patched version.

2. Those using Release 24.2 should upgrade to version 24.2.21 when it becomes available.

3. Users on Release 24.3 must transition to a secure version.

Release 24.4 is not affected by this issue.

As of now, there have been no reports of hackers exploiting this flaw. However, because of the severity of the issue, users should not delay in updating their devices.

Cisco is urging all users running affected versions of IOS XR Software to review the security advisory and apply the necessary updates as soon as possible. Keeping software up to date is the only way to ensure systems remain protected from potential cyber threats.

Read more »
uber
Cisco Dell Jobs Layoffs SAP Tech Industry Technology Tesla uber

Big Tech Troubles: Tough Market Conditions Cause 150,00 Job Cuts

Big Tech Troubles: Tough Market Conditions Causes 150,00 Job Cuts


The tech industry has been hit by a wave of layoffs, with over 150,000 workers losing their jobs at major companies like Microsoft, Tesla, Cisco, and Intel. As the market adapts to new economic realities, tech firms are restructuring to reduce costs and align with evolving demands. Below are key instances of these workforce reductions.

Major Workforce Reductions

Intel: To save $10 billion by 2025, Intel has announced layoffs affecting 15,000 employees—approximately 15% of its workforce. The company is scaling back on marketing, capital expenditures, and R&D to address significant financial challenges in a competitive market.

Tesla: Tesla has reduced its workforce by 20,000 employees, impacting junior staff and senior executives alike. Departments like the Supercharging team were hit hardest. According to Bloomberg, these layoffs may account for up to 20% of Tesla's workforce.

Cisco: Cisco has laid off 10,000 employees in two rounds this year—a 5% reduction in February followed by another 7%. CEO Chuck Robbins noted that these changes aim to focus on areas like cybersecurity and AI while adapting to a “normalized demand environment.”

Restructuring Across the Sector

SAP: Enterprise software giant SAP is undergoing a restructuring process affecting 8,000 employees, roughly 7% of its global workforce. This initiative seeks to streamline operations and prioritize future growth areas.

Uber: Since the COVID-19 pandemic, Uber has laid off 6,700 employees, closing some business units and shifting focus away from ventures like self-driving cabs. These adjustments aim to stabilize operations amid shifting market demands.

Economic Shifts Driving Layoffs

Dell: In its second round of layoffs in two years, Dell has cut 6,000 jobs due to declining PC market demand. Additional cuts are anticipated as the company seeks to address cost pressures in a tough economic environment.

These layoffs reflect broader economic shifts as tech companies streamline operations to navigate challenges and focus on strategic priorities like AI, cybersecurity, and operational efficiency.

Read more »
Vulnerabilities and Exploits
Cisco Cybersecurity CyberThreat Excel Hackers macOS Microphone Microsoft App OneNote Outlook TCC Transparency Data Vulnerabilities and Exploits

Mac Users Targeted by Hackers Through Microsoft App Security Flaw

 


During the past couple of weeks, Cisco Talos, one of the world's most respected cybersecurity companies known for its cutting-edge cybersecurity products, has discovered at least eight security vulnerabilities. As a result of these bugs, researchers have found that the cameras and microphones of users of those applications may be accessed by attackers who exploit them for malicious purposes. In addition to this, a vulnerability like this could be exploited to steal other types of sensitive information, which can have a detrimental effect on the security of the system as well. 

It has been reported that many widely used Microsoft apps, including Word, Outlook, Excel, OneNote, Teams, and others, have been affected. To carry out this attack, malicious libraries to gain access to the user's entitlements and permissions are injected into Microsoft apps so that hackers can access a user's entitlements and permissions. According to the problem, this result is caused by the fact that Microsoft apps work with the Transparency and Consent framework on macOS, which allows applications to manage their permissions on a system with the Transparency Consent framework. 

The security vulnerability found in Microsoft's Mac apps made it possible for hackers to spy on Mac users without their knowledge. A security researcher from Cisco Talos posted a blog post explaining how attackers could exploit the vulnerability in Windows and what Microsoft has been doing to fix the problem. According to Cisco Talos, a security company, Microsoft's macOS apps, like Outlook, Word, Teams, OneNote, and Excel, contain a major flaw that renders them unusable. By taking advantage of this vulnerability, attackers can inject malicious libraries into these apps, which will give them access to the permissions and entitlements granted by the user. 

According to Apple's macOS framework, permission-based data collection relies on the Transparency, Consent, and Control framework, which is composed of three components. As a result, macOS will request permission from the user before running new apps and display prompts when an app asks for sensitive information, for example, contacts, photos, webcam data, etc. when the user wants to grant permission from the computer. It is important to understand that the severity of these vulnerabilities varies depending on the app and its permissions. 

There are several ways in which Microsoft Teams, which is a popular tool for professional communication, could be exploited to capture conversations or access sensitive information, for instance. As another example, the report notes that Microsoft Outlook may be used to send unauthorized emails and, ultimately, cause data breaches, according to the report. With the help of TCC, apps must request certain entitlements to access certain features such as the camera, microphone, location services, and other features on the smartphone. 

A majority of apps do not even have to ask for permission to run without these entitlements, preventing access to unauthorized users. Cisco Talos' discovery of the exploit, however, shows that malicious actors are capable of injecting malicious code into Microsoft apps, which then hijacks the permissions that were granted to those apps previously. It means that an attacker with the correct skills can successfully inject code into a software application such as Microsoft Teams or Outlook and gain access to a Mac computer's camera or microphone, allowing them to record audio or take photos without the user's knowledge to do so. 

It was found by Cisco Talo that Microsoft has made an acknowledgement of these security flaws in its applications and has classified them as low risk, in response to Cisco Talo's findings. Additionally, some of Microsoft's applications, including Teams and OneNote, have been updated to address the problem with library validation in these applications. As for other vulnerable apps from Microsoft, such as Excel, PowerPoint, Word, and Outlook, the company has not yet taken action to fix them. Security Concerns Raised Over Vulnerabilities in Microsoft Apps for macOS Recent findings by cybersecurity experts at Cisco Talos have brought to light significant vulnerabilities in popular Microsoft applications for macOS. 

These flaws, discovered in apps such as Outlook, Teams, Word, and Excel, have alarmed users and security professionals alike, as they allow hackers to potentially spy on Mac users by bypassing Apple's stringent security measures. The issue revolves around macOS's Transparency, Consent, and Control (TCC) framework, which is designed to protect users by requiring explicit consent before apps can access sensitive data, such as cameras, microphones, or contacts. However, Cisco Talos researchers uncovered that eight widely used Microsoft apps contained vulnerabilities that could be exploited by attackers to bypass the TCC system. 

This means that hackers could potentially leverage the permissions already granted to these apps to spy on users, send unauthorized emails, or even record videos—all without the user’s knowledge or consent. The researchers expressed concerns about Microsoft’s decision to disable certain security features, such as library validation. This safeguard was originally intended to prevent unauthorized code from being loaded onto an app. 

However, Microsoft’s actions have effectively circumvented the protections offered by the hardened runtime, potentially exposing users to unnecessary security risks. Despite addressing some vulnerabilities, Microsoft has not yet fully resolved the issues across all its macOS applications, leaving apps like Excel, PowerPoint, Word, and Outlook still susceptible to attacks. This partial response has led to further concerns among security experts, who question the rationale behind disabling security measures like library validation when there’s no clear need for additional libraries to be loaded. 

The Cisco Talos team also pointed out that Apple could enhance the security of the TCC framework. One suggestion is to introduce prompts for users whenever third-party plugins are loaded into apps that have already been granted sensitive permissions. This added layer of security would help ensure that users are fully aware of any unusual or unauthorized activities within their applications. Given the current state of these vulnerabilities, both Microsoft and Apple may need to take more proactive steps to protect their users from potential threats. 

As digital communication tools continue to play a critical role in our daily lives, the importance of robust security measures cannot be overstated. In the meantime, Mac users who rely on Microsoft applications are advised to remain vigilant. Keeping their software up to date and monitoring for any unusual activities can help minimize the risk of exploitation. While these companies work on strengthening their defenses, user awareness and caution remain key to navigating the ever-evolving landscape of cybersecurity threats.
Read more »
Zero-day Flaw
Cisco CVE vulnerability Vulnerabilities and Exploits Zero-day Flaw

Cisco Patches NX-OS Zero-Day Exploited by Chinese Attackers

 

Cisco patched a NX-OS zero-day, identified as CVE-2024-20399 (CVSS score of 6.0), which the China-linked group Velvet Ant used to deploy previously unidentified malware as root on vulnerable switches. 

The bug exists in the CLI of Cisco NX-OS Software; an authenticated, local attacker can exploit it to execute arbitrary commands as root on the underlying operating system of the affected device. 

“This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command.” reads the advisory issued by Cisco. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.” 

The IT giant emphasised that only hackers with Administrator privileges can successfully exploit this vulnerability on a Cisco NX-OS system. In April 2024, researchers informed the Cisco Product Security Incident Response Team (PSIRT) that the vulnerability was actively exploited in the wild. Sygnia, a cybersecurity firm, discovered the attacks in April 2024 and reported them to Cisco. The bug impacts the following devices: 

  • MDS 9000 Series Multilayer Switches (CSCwj97007) 
  • Nexus 3000 Series Switches (CSCwj97009) 
  • Nexus 5500 Platform Switches (CSCwj97011) 
  • Nexus 5600 Platform Switches (CSCwj97011) 
  • Nexus 6000 Series Switches (CSCwj97011) 
  • Nexus 7000 Series Switches (CSCwj94682) * 
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCwj97009) 

Cisco recommends that customers keep track of the credentials used by administrative users network-admin and vdc-admin. Cisco offers the Cisco Software Checker to help customers assess whether their devices are susceptible to this issue. 

In late 2023, Sygnia researchers responded to a critical organization's problem, which they traced to the same China-linked threat actor 'Velvet Ant.' The cyberspies used customised malware on F5 BIG-IP appliances to get persistent access to the target organization's internal network and steal sensitive data.
Read more »
Subscribe to: Comments (Atom)