Tag: cisco
-
Cisco Duo Expands Beyond MFA, Launches Security-First Identity and Access Management Platform
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-duo-expands-beyond-mfa-launches-security-first-identity-and-access-management-platform
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/botnet-hacks-9-000-plus-asus-routers-to-add-persistent-ssh-backdoor/
-
‘Secure email’: A losing battle CISOs must give up
End-to-end encryption remains elusive: Email continues to be the dominant electronic communication tool today because it is well understood, relatively easy to use, and relatively inexpensive. By and large, businesses have approved email for sending confidential information, and we often convince ourselves that it is secure, can be secured with third-party tools, or it’s “good…
-
Proficio and Cisco Join Forces to Deliver Managed XDR for Round-the-Clock Threat Detection
First seen on scworld.com Jump to article: www.scworld.com/news/proficio-and-cisco-join-forces-to-deliver-managed-xdr-for-round-the-clock-threat-detection
-
Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments
Cisco Talos reported that a Chinese group has deployed web shells and malware in local government networks post-exploitation. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-cityworks-local/
-
Cisco Unveils JARVIS: AI Assistant Transforming Platform Engineering
Discover JARVIS, Cisco’s AI assistant that streamlines platform engineering workflows and enhances AI security with ServiceNow. Learn more now! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/cisco-unveils-jarvis-ai-assistant-transforming-platform-engineering/
-
Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments
Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from… First seen on hackread.com Jump to article: hackread.com/chinese-hackers-exploit-cityworks-0day-us-local-agencies/
-
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices
Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into…
-
Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell. Cisco Talos researchers attribute the exploitation of the CVE-2025-0994 in Trimble Cityworks to Chinese-speaking threat actor UAT-6382, based on tools and TTPs used in the intrusions. The vulnerability CVE-2025-0994 (CVSS v4 score of 8.6) is a…
-
Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware
Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in Cityworks, a widely used asset management system. This critical flaw has been leveraged by a group tracked as UAT-6382, assessed with high confidence to be Chinese-speaking threat actors, to target enterprise networks of local governing bodies in the United States…
-
Cisco Webex Meetings Vulnerability Enables HTTP Response Manipulation
Security researchers have uncovered a vulnerability in Cisco Webex Meetings that could allow remote attackers to manipulate HTTP responses without authentication. The cloud-based vulnerability affects the client join services component of the popular videoconferencing platform. Cisco has already addressed the issue, with no user action required for remediation. The vulnerability, reported by security researcher Matthew…
-
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Tags: access, china, cisco, cve, exploit, flaw, government, hacker, malware, network, remote-code-execution, threat, vulnerability
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. “UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers First seen on thehackernews.com Jump…
-
Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation
Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow authenticated remote attackers to escalate privileges. The more severe flaw, tracked as CVE-2025-20113, received a CVSS score of 7.1 (High), while the secondary vulnerability, CVE-2025-20114, was rated at 4.3 (Medium). These vulnerabilities affect all configurations of Cisco Unified Intelligence Center, including…
-
Cisco Identity Services RADIUS Vulnerability Allows Attackers to Trigger Denial of Service Condition
Cisco has disclosed a significant security vulnerability in its Identity Services Engine (ISE) that could enable unauthenticated remote attackers to cause denial of service conditions by exploiting flaws in the RADIUS message processing feature. The vulnerability, which was discovered during Cisco’s internal security testing, allows attackers to force affected devices to reload by sending specially…
-
Cybercriminals Could Leverage Google Cloud Platform for Malicious Activities
Research by Tenable and Cisco Talos has shed light on a critical vulnerability in Google Cloud Platform’s (GCP) Cloud Functions and Cloud Build services, revealing a potential attack vector for cybercriminals. According to Tenable, the default Cloud Build Service Account (SA) previously granted excessive permissions during the deployment of Cloud Functions, a serverless compute…
-
Cisco Hires Former Google Cloud Exec As New Security GM
Cisco has hired former Google Cloud executive Peter Bailey as the new senior vice president and general manager of its security business, executives disclosed Tuesday. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisco-hires-former-google-cloud-exec-as-new-security-gm
-
8 AI security risks that companies overlook
Tags: access, ai, api, application-security, authentication, cisco, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, framework, governance, hacker, injection, LLM, RedTeam, risk, risk-management, security-incident, software, threat, tool, vulnerability
In their race for productivity gains through generative AI, most companies overlook the associated security risks. According to a study by the World Economic Forum, conducted in collaboration with Accenture, 63 percent of companies fail to check the security of AI tools before deploying them. In doing so, they take on a range of risks for their business. This applies both…
-
Duping Cloud Functions: An emerging serverless attack vector
Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/duping-cloud-functions-an-emerging-serverless-attack-vector/
-
Proofpoint buying Hornetsecurity in a play to expand email security scope
One of many big purchases in the industry: While the terms are confidential, sources have reported the price of the Hornetsecurity purchase, which is expected to close in the second half of 2025, to be well over $1 billion. This would make it Proofpoint’s largest acquisition, and also one of the biggest cybersecurity deals in…
-
Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats
Cisco Talos, in collaboration with The Vertex Project, has introduced an innovative approach to tackle the rising complexity of compartmentalized cyber threats. As modern cyberattacks increasingly involve multiple threat actors executing distinct stages of an attack kill chain (such as initial access, exploitation, and ransomware deployment), traditional threat modeling frameworks like the Diamond Model have struggled to…
-
Defining a new methodology for modeling and tracking compartmentalized threats
How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/compartmentalized-threat-modeling/
-
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling
Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/redefining-initial-access-brokers/
-
The Ongoing Risks of Hardcoded JWT Keys
In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers (WLCs). The vulnerability, tracked as CVE-2025-20188, has a CVSS score of 10.0 and could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system but the real story is that […]…
-
FBI warns that end of life devices are being actively targeted by threat actors
Tags: access, antivirus, attack, authentication, botnet, china, cisco, control, credentials, cve, data-breach, exploit, firewall, firmware, Hardware, identity, infection, intelligence, Internet, malware, network, password, router, sans, service, software, technology, threat, tool, update, vulnerability
Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550, WRT320N, WRT310N, WRT610N
Cradlepoint E100
Cisco M10
Threat actors, notably Chinese state-sponsored actors, are successfully exploiting known vulnerabilities in routers exposed to the web through pre-installed remote management software, according to the FBI. They then install malware, set up a botnet, and sell proxy services or launch coordinated attacks. “The…
-
Cisco patches maximum severity vulnerability in IOS XE Software
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-patches-maximum-severity-vulnerability-in-ios-xe-software
-
Cisco patches max-severity flaw allowing arbitrary command execution
Tags: cisco, exploit, flaw, incident response, mitigation, security-incident, service, software, update
A patch is now available: Cisco has released software updates to address the flaw and is advising customers with service contracts entitled to regular updates to apply patches as they receive them. Customers without a service contract are advised to obtain the upgrades by contacting Cisco TAC. This includes customers who either purchase directly from Cisco…
-
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
Cybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. “The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox,” Cisco Talos…
-
Cisco fixes max severity IOS XE flaw letting attackers hijack devices
Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers, caused by a hard-coded JSON Web Token (JWT), that allows an unauthenticated remote attacker to take over devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-fixes-max-severity-ios-xe-flaw-letting-attackers-hijack-devices/

