Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cisco. Show all posts
Exploitation
backdoor vulnerability Cisco Cisco Security CVE exploits CVE vulnerability Cyber Security Exploitation

Cisco CVE-2024-20439: Exploitation Attempts Target Smart Licensing Utility Backdoor

 

A critical vulnerability tracked as CVE-2024-20439 has placed Cisco’s Smart Licensing Utility (CSLU) in the spotlight after cybersecurity researchers observed active exploitation attempts. The flaw, which involves an undocumented static administrative credential, could allow unauthenticated attackers to remotely access affected systems. While it’s still unclear whether the vulnerability has been weaponized in ransomware attacks, security experts have noted suspicious botnet activity linked to it since early January, with a significant surge in mid-March. 

The vulnerability, according to Cisco, cannot be exploited unless the CSLU is actively running—a saving grace for systems not using the utility frequently. However, many organizations rely on the CSLU to manage licenses for Cisco products without requiring constant connectivity to Cisco’s cloud-based Smart Software Manager. This increases the risk of exposure for unpatched systems. Johannes Ullrich, Dean of Research at the SANS Technology Institute, highlighted that the vulnerability effectively acts as a backdoor. 

In fact, he noted that Cisco has a history of embedding static credentials in several of its products. Ullrich’s observation aligns with earlier research by Nicholas Starke, who published a detailed technical analysis of the flaw, including the decoded hardcoded password, just weeks after Cisco issued its patch. This disclosure made it easier for potential attackers to identify and exploit vulnerable systems. In addition to CVE-2024-20439, Cisco addressed another critical flaw, CVE-2024-20440, which allows unauthenticated attackers to extract sensitive data from exposed devices, including API credentials. 

This vulnerability also affects the CSLU and can be exploited by sending specially crafted HTTP requests to a target system. Like the first flaw, it is only active when the CSLU application is running. Researchers have now detected attackers chaining both vulnerabilities to maximize impact. According to Ullrich, scans and probes originating from a small botnet are testing for exposure to these flaws. Although Cisco’s Product Security Incident Response Team (PSIRT) maintains that there’s no confirmed evidence of these flaws being exploited in the wild, the published credentials and recent scan activity suggest otherwise. 

These types of vulnerabilities raise larger concerns about the use of hardcoded credentials in critical infrastructure. Cisco has faced similar issues in the past with other software products, including IOS XE, DNA Center, and Emergency Responder. 

As always, the best defense is prompt patching. Cisco released security updates in September to address both flaws, and organizations running CSLU should immediately apply them. Additionally, any instance of the CSLU running unnecessarily should be disabled to reduce the attack surface. With exploit attempts on the rise and technical details now public, delaying mitigation could have serious consequences.
Read more »
Software
Cisco Cyber Security Hackers Software

Cisco Warns of Critical Security Flaw in IOS XR Software – Immediate Update Recommended




Cisco has issued a security warning about a newly identified vulnerability in its IOS XR Software. This security flaw, labeled CVE-2025-20138, has been rated 8.8 on the CVSS scale, meaning it poses a major risk to affected devices.


What Is the Problem?

The issue is found in the Command Line Interface (CLI) of Cisco’s IOS XR Software. If an attacker gains access to a system with limited user privileges, they can exploit this weakness to execute commands with the highest level of control. This would allow them to make major modifications to the system, potentially leading to severe security threats.

The root of the problem is improper validation of user inputs in certain CLI commands. Because the system does not correctly filter these inputs, attackers can manipulate it using carefully crafted commands. If successful, they can obtain full administrative access, giving them total control over the device.


Who Is Affected?

This vulnerability affects all configurations of Cisco IOS XR 64-bit Software. Users should check Cisco’s official security advisory to confirm if their specific version is vulnerable.

However, some Cisco software versions are confirmed to be unaffected, including:

IOS Software

IOS XE Software

IOS XR 32-bit Software

NX-OS Software

No Quick Fixes—Users Must Update Their Software

Cisco has stated that there are no temporary solutions or workarounds for this security flaw. The only way to protect affected systems is to install the latest software updates provided by Cisco.

The company has outlined which versions require updates:

1. Users running Cisco IOS XR Software Release 24.1 or earlier need to switch to a patched version.

2. Those using Release 24.2 should upgrade to version 24.2.21 when it becomes available.

3. Users on Release 24.3 must transition to a secure version.

Release 24.4 is not affected by this issue.

As of now, there have been no reports of hackers exploiting this flaw. However, because of the severity of the issue, users should not delay in updating their devices.

Cisco is urging all users running affected versions of IOS XR Software to review the security advisory and apply the necessary updates as soon as possible. Keeping software up to date is the only way to ensure systems remain protected from potential cyber threats.

Read more »
uber
Cisco Dell Jobs Layoffs SAP Tech Industry Technology Tesla uber

Big Tech Troubles: Tough Market Conditions Cause 150,00 Job Cuts

Big Tech Troubles: Tough Market Conditions Causes 150,00 Job Cuts


The tech industry has been hit by a wave of layoffs, with over 150,000 workers losing their jobs at major companies like Microsoft, Tesla, Cisco, and Intel. As the market adapts to new economic realities, tech firms are restructuring to reduce costs and align with evolving demands. Below are key instances of these workforce reductions.

Major Workforce Reductions

Intel: To save $10 billion by 2025, Intel has announced layoffs affecting 15,000 employees—approximately 15% of its workforce. The company is scaling back on marketing, capital expenditures, and R&D to address significant financial challenges in a competitive market.

Tesla: Tesla has reduced its workforce by 20,000 employees, impacting junior staff and senior executives alike. Departments like the Supercharging team were hit hardest. According to Bloomberg, these layoffs may account for up to 20% of Tesla's workforce.

Cisco: Cisco has laid off 10,000 employees in two rounds this year—a 5% reduction in February followed by another 7%. CEO Chuck Robbins noted that these changes aim to focus on areas like cybersecurity and AI while adapting to a “normalized demand environment.”

Restructuring Across the Sector

SAP: Enterprise software giant SAP is undergoing a restructuring process affecting 8,000 employees, roughly 7% of its global workforce. This initiative seeks to streamline operations and prioritize future growth areas.

Uber: Since the COVID-19 pandemic, Uber has laid off 6,700 employees, closing some business units and shifting focus away from ventures like self-driving cabs. These adjustments aim to stabilize operations amid shifting market demands.

Economic Shifts Driving Layoffs

Dell: In its second round of layoffs in two years, Dell has cut 6,000 jobs due to declining PC market demand. Additional cuts are anticipated as the company seeks to address cost pressures in a tough economic environment.

These layoffs reflect broader economic shifts as tech companies streamline operations to navigate challenges and focus on strategic priorities like AI, cybersecurity, and operational efficiency.

Read more »
Vulnerabilities and Exploits
Cisco Cybersecurity CyberThreat Excel Hackers macOS Microphone Microsoft App OneNote Outlook TCC Transparency Data Vulnerabilities and Exploits

Mac Users Targeted by Hackers Through Microsoft App Security Flaw

 


During the past couple of weeks, Cisco Talos, one of the world's most respected cybersecurity companies known for its cutting-edge cybersecurity products, has discovered at least eight security vulnerabilities. As a result of these bugs, researchers have found that the cameras and microphones of users of those applications may be accessed by attackers who exploit them for malicious purposes. In addition to this, a vulnerability like this could be exploited to steal other types of sensitive information, which can have a detrimental effect on the security of the system as well. 

It has been reported that many widely used Microsoft apps, including Word, Outlook, Excel, OneNote, Teams, and others, have been affected. To carry out this attack, malicious libraries to gain access to the user's entitlements and permissions are injected into Microsoft apps so that hackers can access a user's entitlements and permissions. According to the problem, this result is caused by the fact that Microsoft apps work with the Transparency and Consent framework on macOS, which allows applications to manage their permissions on a system with the Transparency Consent framework. 

The security vulnerability found in Microsoft's Mac apps made it possible for hackers to spy on Mac users without their knowledge. A security researcher from Cisco Talos posted a blog post explaining how attackers could exploit the vulnerability in Windows and what Microsoft has been doing to fix the problem. According to Cisco Talos, a security company, Microsoft's macOS apps, like Outlook, Word, Teams, OneNote, and Excel, contain a major flaw that renders them unusable. By taking advantage of this vulnerability, attackers can inject malicious libraries into these apps, which will give them access to the permissions and entitlements granted by the user. 

According to Apple's macOS framework, permission-based data collection relies on the Transparency, Consent, and Control framework, which is composed of three components. As a result, macOS will request permission from the user before running new apps and display prompts when an app asks for sensitive information, for example, contacts, photos, webcam data, etc. when the user wants to grant permission from the computer. It is important to understand that the severity of these vulnerabilities varies depending on the app and its permissions. 

There are several ways in which Microsoft Teams, which is a popular tool for professional communication, could be exploited to capture conversations or access sensitive information, for instance. As another example, the report notes that Microsoft Outlook may be used to send unauthorized emails and, ultimately, cause data breaches, according to the report. With the help of TCC, apps must request certain entitlements to access certain features such as the camera, microphone, location services, and other features on the smartphone. 

A majority of apps do not even have to ask for permission to run without these entitlements, preventing access to unauthorized users. Cisco Talos' discovery of the exploit, however, shows that malicious actors are capable of injecting malicious code into Microsoft apps, which then hijacks the permissions that were granted to those apps previously. It means that an attacker with the correct skills can successfully inject code into a software application such as Microsoft Teams or Outlook and gain access to a Mac computer's camera or microphone, allowing them to record audio or take photos without the user's knowledge to do so. 

It was found by Cisco Talo that Microsoft has made an acknowledgement of these security flaws in its applications and has classified them as low risk, in response to Cisco Talo's findings. Additionally, some of Microsoft's applications, including Teams and OneNote, have been updated to address the problem with library validation in these applications. As for other vulnerable apps from Microsoft, such as Excel, PowerPoint, Word, and Outlook, the company has not yet taken action to fix them. Security Concerns Raised Over Vulnerabilities in Microsoft Apps for macOS Recent findings by cybersecurity experts at Cisco Talos have brought to light significant vulnerabilities in popular Microsoft applications for macOS. 

These flaws, discovered in apps such as Outlook, Teams, Word, and Excel, have alarmed users and security professionals alike, as they allow hackers to potentially spy on Mac users by bypassing Apple's stringent security measures. The issue revolves around macOS's Transparency, Consent, and Control (TCC) framework, which is designed to protect users by requiring explicit consent before apps can access sensitive data, such as cameras, microphones, or contacts. However, Cisco Talos researchers uncovered that eight widely used Microsoft apps contained vulnerabilities that could be exploited by attackers to bypass the TCC system. 

This means that hackers could potentially leverage the permissions already granted to these apps to spy on users, send unauthorized emails, or even record videos—all without the user’s knowledge or consent. The researchers expressed concerns about Microsoft’s decision to disable certain security features, such as library validation. This safeguard was originally intended to prevent unauthorized code from being loaded onto an app. 

However, Microsoft’s actions have effectively circumvented the protections offered by the hardened runtime, potentially exposing users to unnecessary security risks. Despite addressing some vulnerabilities, Microsoft has not yet fully resolved the issues across all its macOS applications, leaving apps like Excel, PowerPoint, Word, and Outlook still susceptible to attacks. This partial response has led to further concerns among security experts, who question the rationale behind disabling security measures like library validation when there’s no clear need for additional libraries to be loaded. 

The Cisco Talos team also pointed out that Apple could enhance the security of the TCC framework. One suggestion is to introduce prompts for users whenever third-party plugins are loaded into apps that have already been granted sensitive permissions. This added layer of security would help ensure that users are fully aware of any unusual or unauthorized activities within their applications. Given the current state of these vulnerabilities, both Microsoft and Apple may need to take more proactive steps to protect their users from potential threats. 

As digital communication tools continue to play a critical role in our daily lives, the importance of robust security measures cannot be overstated. In the meantime, Mac users who rely on Microsoft applications are advised to remain vigilant. Keeping their software up to date and monitoring for any unusual activities can help minimize the risk of exploitation. While these companies work on strengthening their defenses, user awareness and caution remain key to navigating the ever-evolving landscape of cybersecurity threats.
Read more »
Zero-day Flaw
Cisco CVE vulnerability Vulnerabilities and Exploits Zero-day Flaw

Cisco Patches NX-OS Zero-Day Exploited by Chinese Attackers

 

Cisco patched a NX-OS zero-day, identified as CVE-2024-20399 (CVSS score of 6.0), which the China-linked group Velvet Ant used to deploy previously unidentified malware as root on vulnerable switches. 

The bug exists in the CLI of Cisco NX-OS Software; an authenticated, local attacker can exploit it to execute arbitrary commands as root on the underlying operating system of the affected device. 

“This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command.” reads the advisory issued by Cisco. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.” 

The IT giant emphasised that only hackers with Administrator privileges can successfully exploit this vulnerability on a Cisco NX-OS system. In April 2024, researchers informed the Cisco Product Security Incident Response Team (PSIRT) that the vulnerability was actively exploited in the wild. Sygnia, a cybersecurity firm, discovered the attacks in April 2024 and reported them to Cisco. The bug impacts the following devices: 

  • MDS 9000 Series Multilayer Switches (CSCwj97007) 
  • Nexus 3000 Series Switches (CSCwj97009) 
  • Nexus 5500 Platform Switches (CSCwj97011) 
  • Nexus 5600 Platform Switches (CSCwj97011) 
  • Nexus 6000 Series Switches (CSCwj97011) 
  • Nexus 7000 Series Switches (CSCwj94682) * 
  • Nexus 9000 Series Switches in standalone NX-OS mode (CSCwj97009) 

Cisco recommends that customers keep track of the credentials used by administrative users network-admin and vdc-admin. Cisco offers the Cisco Software Checker to help customers assess whether their devices are susceptible to this issue. 

In late 2023, Sygnia researchers responded to a critical organization's problem, which they traced to the same China-linked threat actor 'Velvet Ant.' The cyberspies used customised malware on F5 BIG-IP appliances to get persistent access to the target organization's internal network and steal sensitive data.
Read more »
System Exploit
Cisco Cyber Security Software Bug SQL Injection System Exploit

Guarding Against SQL Injection: Securing Your Cisco Firepower Management Center

Guarding Against SQL Injection: Securing Your Cisco Firepower Management Center

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. 

A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability

What Is SQL Injection?

SQL injection is a type of security vulnerability that occurs when an attacker manipulates input data to execute arbitrary SQL queries against a database. In the case of Cisco FMC Software, an authenticated attacker can exploit this vulnerability by sending crafted SQL queries to the web-based management interface.

Impact

Successful exploitation of this vulnerability can have severe consequences:

Data Extraction: The attacker can retrieve sensitive data from the database, including user credentials, configuration details, and logs.

Command Execution: By injecting malicious SQL queries, the attacker can execute arbitrary commands on the underlying operating system.

Privilege Escalation: If the attacker gains access to the database, they can potentially elevate their privileges to root.

Mitigation efforts by Cisco

Cisco has published free software upgrades to address the vulnerability mentioned in this advisory. Customers with service contracts that include regular software updates should receive security fixes through their usual update channels.

Customers can only install and receive support for software versions and feature sets for which they have acquired a license.

Cisco has promptly addressed this issue by releasing software updates. Organizations using Cisco FMC Software should take the following steps:

  • Update: Apply the relevant security fixes provided by Cisco. Ensure that your FMC Software is running the latest version.
  • Authentication: Limit access to the FMC interface. Only authorized users should have access, and unnecessary accounts should be disabled.
  • Monitoring: Implement monitoring and intrusion detection systems to detect any suspicious activity related to SQL injection attempts.

Read more »
VoIP
Cisco Data Breach Employee Data Information Security Multi-Factor Authentication (MFA) SMS Supply chain vulnerability third party VoIP

Cisco Duo raises awareness over a breach in third-party data security, revealing the exposure of SMS MFA logs.

 

In the ever-evolving landscape of cybersecurity, safeguarding sensitive information and ensuring secure access to corporate networks are paramount concerns for organizations worldwide. Recently, Cisco Duo, a leading provider of multi-factor authentication (MFA) and Single Sign-On services, found itself grappling with a significant breach that shed light on the evolving threats confronting modern enterprises. 

On April 1, 2024, Cisco Duo's security team sent out a warning to its extensive customer base regarding a cyberattack targeting their telephony provider, which handles the transmission of SMS and VoIP MFA messages. According to reports, threat actors leveraged employee credentials acquired through a sophisticated phishing attack to infiltrate the provider's systems. 

Following the breach, the attackers successfully obtained and extracted SMS and VoIP MFA message logs linked to specific Duo accounts, covering the timeframe from March 1, 2024, to March 31, 2024. The ramifications of this breach are deeply concerning. While the provider assured that the threat actors did not access the contents of the messages or utilize their access to send messages to customers, the stolen message logs contain data that could be exploited in targeted phishing campaigns. 

This poses a significant risk to affected organizations, potentially resulting in unauthorized access to sensitive information, including corporate credentials. In response to the breach, Cisco Duo swiftly mobilized, collaborating closely with the telephony provider to conduct a thorough investigation and implement additional security measures. The compromised credentials were promptly invalidated, and robust measures were instituted to fortify defenses and mitigate the risk of recurrence. 

Additionally, the provider furnished Cisco Duo with comprehensive access to all exposed message logs, enabling a meticulous analysis of the breach's scope and impact. Despite these proactive measures, Cisco Duo has urged affected customers to exercise heightened vigilance against potential SMS phishing or social engineering attacks leveraging the stolen information. Organizations are advised to promptly notify users whose phone numbers were contained in the compromised logs, educating them about the risks associated with social engineering tactics. 

Furthermore, Cisco has emphasized the importance of promptly reporting any suspicious activity and implementing proactive measures to mitigate potential threats. This incident serves as a stark reminder of the persistent and evolving threat landscape faced by organizations in today's digital age. As reliance on MFA and other security solutions intensifies, proactive monitoring, regular security assessments, and ongoing user education are indispensable components of an effective cybersecurity posture. 

Moreover, the Cisco Duo breach underscores the broader issue of supply chain vulnerabilities in cybersecurity. While organizations diligently fortify their internal defenses, they remain susceptible to breaches through third-party service providers. Hence, it is imperative for businesses to meticulously evaluate the security practices of their vendors and establish robust protocols for managing third-party risks. 

As the cybersecurity landscape continues to evolve, organizations must remain agile, adaptive, and proactive in their approach to cybersecurity. By prioritizing robust security measures, fostering a culture of cyber resilience, and fostering close collaboration with trusted partners, organizations can effectively mitigate risks and safeguard their digital assets in the face of evolving threats.
Read more »
Zero Trust
Cisco Cisco Security CISO CISO perspective Cyber Security Identity Market Security Solutions Zero Trust

Cisco: Leadership Awareness Fuels the Booming Identity Market


The latest research conducted by Cisco Investments with venture capital firms reveals that most CISOs believe complexity in tools, number of solutions and technical glossaries are among the many barriers to zero trust. 

It has been observed that around 85% of the IT decision-makers are now setting identity and access management investments as their main priority, rather than any other security solution. This is stated in the CISO Survival Guide published by Cisco Investments, the startup division of Cisco, along with the venture capital firms Forgepoint Capital, NightDragon, and Team8.

Interviews with Cisco customers, chief information security officers, innovators, startup founders, and other experts led to the creation of the 'guide', which examined the cybersecurity market in relation to identity management, data protection, software supply chain integrity, and cloud migration.

From 30,000 feet up: More interoperability, less friction, and data that is genuinely relevant and understandable for decision-makers, according to interviewees, are the most essential requirements.

The main spending priorities of the report were fairly evenly distributed, with user and device identity, cloud identity, governance, and remote access receiving the most mentions from CISOs. 

Cloud security turned out to be the primary concern, with a focus on the newly emerging field of managing cloud infrastructure entitlements.

Demands of CISOs: Ease of Use, Holistic Platforms, CIEMs

The three main areas of identity access management, clouds, and data that CISOs believe are most concerning are:

  • The fragmented world of security silos is because of the lack of unified platforms for IAMs, identity governance and administration, and privileged access control. 
  • Enterprise clients are embracing cloud service providers' offerings for managing cloud infrastructure entitlements.
  • The CISOs were against the use of acronyms since they were bothered by the overuse of acronyms like CIEM.

Moreover, the authors of the Cisco Investment Study note that “This trend imposes cycles for CISOs to vet and unpack these purportedly new categories, only for them to discover they are a rehash of existing solutions.”

Top Motivators Will Look for Management Solutions 

Apparently, some top motivators cited by CISCOs will be investing in identity management solutions for the management of user access privileges, identity compliance, and the swift expansion of companies' threat surfaces.

Here, we are mentioning some of the changes that the IT decision-makers look forward to in the next-generation identity platforms: 

  • Ease of integration (21% of those polled). 
  • Platform-based solution, versus single-point or endpoint offerings (15%). • Ratings from independent analysts (15%). 
  • Price (11%). 
  • Market adoption (11%). 
  • Simplicity of deployment and operations (10%). 
  • Ability to deploy at scale quickly (9%). 
  • Ability to add features easily (8%).     

Read more »
Subscribe to: Posts (Atom)