Tag: cisco
-
Splunk Unveils PLoB Tool to Detect Compromised Credential Usage
Splunk has introduced PLoB (Post-Logon Behaviour Fingerprinting and Detection) in a world where compromised credentials remain the primary vector for initial access in more than half of cybersecurity incidents, as noted in the Cisco Talos IR Trends report for Q1 2025 and supported by the Verizon Data Breach Investigations Report, which shows 22% of breaches…
-
Payback: ‘ShinyHunters’ Clocks Google via Salesforce
In 2024, it was Snowflake. In 2025, it’s Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/payback-shinyhunters-google-salesforce
-
Over 100 Dell models exposed to critical ControlVault3 firmware bugs
ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access. Cisco Talos reported five vulnerabilities collectively named ReVault (tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919) in Dell’s ControlVault3 firmware that expose over 100 laptop models to firmware implants and Windows login bypass via physical…
-
ITJobs 5 bittere Wahrheiten
Tags: breach, business, cio, cisco, ciso, cybersecurity, cyersecurity, gartner, germany, jobs, network, risk, risk-management, strategy, trainingViel Geld schützt nicht vor Burnout.Die Nachfrage nach Cybersecurity-Spezialisten ist ähnlich hoch wie deren Gehälter. Laut einem aktuellen, US-zentrischen Benchmark Report von IANS und Artico Search liegt das durchschnittliche Grundgehalt für Führungsrollen im Bereich IT-Security in Nordamerika bei mehr als 150.000 Dollar jährlich. Und auch wenn die Vergütung in Europa und Deutschland generell etwas geringer…
-
ITJobs 5 bittere Wahrheiten
Tags: breach, business, cio, cisco, ciso, cybersecurity, cyersecurity, gartner, germany, jobs, network, risk, risk-management, strategy, trainingViel Geld schützt nicht vor Burnout.Die Nachfrage nach Cybersecurity-Spezialisten ist ähnlich hoch wie deren Gehälter. Laut einem aktuellen, US-zentrischen Benchmark Report von IANS und Artico Search liegt das durchschnittliche Grundgehalt für Führungsrollen im Bereich IT-Security in Nordamerika bei mehr als 150.000 Dollar jährlich. Und auch wenn die Vergütung in Europa und Deutschland generell etwas geringer…
-
ReVault flaws let attackers bypass Windows login or place malware implants on Dell laptops
Planting implants: An investigation by Cisco Talos uncovered two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050) an arbitrary free (CVE-2025-25215) and a stack-overflow flaw (CVE-2025-24922), all affecting the ControlVault firmware.The same researchers also discovered an unsafe deserialization flaw (CVE-2025-24919) affecting ControlVault’s Windows APIs. This vulnerability makes it possible to trigger arbitrary code execution on the ControlVault firmware, allowing…
-
Cisco Talos Researcher Reveals Method That Causes LLMs to Expose Training Data
In this TechRepublic interview, researcher Amy Chang details the decomposition method and shares how organizations can protect themselves from LLM data extraction. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-talos-generative-ai-llm-decomposition/
-
Cisco discloses data breach impacting Cisco.com user accounts
Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-discloses-data-breach-impacting-ciscocom-user-accounts/
-
Top cybersecurity M&A deals for 2025
Tags: 5G, access, ai, api, apple, application-security, attack, automation, awareness, banking, breach, business, ceo, cisco, cloud, compliance, control, crowdstrike, cyber, cybersecurity, data, ddos, defense, detection, edr, email, endpoint, finance, firewall, gitlab, government, group, ibm, identity, incident response, infrastructure, intelligence, leak, microsoft, mitigation, network, password, programming, risk, risk-management, saas, service, software, sophos, strategy, supply-chain, technology, threat, tool, training, vulnerability, waf, zero-trustPalo Alto Networks to buy CyberArk for $25B as identity security takes center stage July 30, 2025: Palo Alto Networks is making what could be its biggest bet yet by agreeing to buy Israeli identity security company CyberArk for around $25 billion. “We envision Identity Security becoming the next major pillar of our multi-platform strategy, complementing our leadership…
-
Cisco Talos Researcher Reveals Method That Causes LLMs to Reveal Training Data
In this TechRepublic interview, researcher Amy Chang details the decomposition method and shares how organizations can protect themselves from LLM data extraction. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-talos-generative-ai-llm-decomposition/
-
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks
In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/backdoors-breaches-how-talos-is-helping-humanitarian-aid-ngos-prepare-for-cyber-attacks/
-
Wie EDR EDR aushebelt
Tags: access, cisco, crowdstrike, cyberattack, detection, edr, endpoint, firewall, monitoring, software, tool, vulnerabilityLegitime Security-Tools gegeneinander auszuspielen, eröffnet Cyberkriminellen diverse Vorteile.Cybersicherheitsforscher haben einen unheilvollen neuen Angriffsvektor entdeckt. Dabei könnten Angreifer kostenlose Testversionen von Endpoint Detection and Response (EDR)-Software dazu missbrauchen, vorhandene Sicherheits-Tools zu deaktivieren. Die Researcher Ezra Woods und Mike Manrod haben das Phänomen entdeckt und dokumentiert, das sie als “EDR-on-EDR Violence” bezeichnen. Ihre Erkenntnisse haben die Sicherheitsexperten…
-
Breach Roundup: Did China Have a Sneak Peek Into ToolShell?
Also: ToolShell Hits South Africa, Most Americans Are Online Fraud Victims. This week: Did China sneak a peek into ToolShell? ToolShell hacking in South Africa, Cisco flaws, an Arizona woman sentenced for aiding North Korea. Most Americans scammed online, a NASCAR data breach and a claimed data leak at France’s Naval Group. Orange telecom disrupted.…
-
Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect
Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you’re interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here’s where and how to find us. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/cisco-talos-at-black-hat-2025-briefings-booth-talks-and-what-to-expect/
-
CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine
Tags: cisa, cisco, cybersecurity, exploit, flaw, hacker, identity, infrastructure, service, vulnerabilityHackers are actively exploiting two critical flaws in Cisco Identity Services Engine, said the US Cybersecurity and Infrastructure Security Agency First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-kev-cisco-ise/
-
CISA Adds Cisco ISE and PaperCut Vulnerabilities to Known Exploited Vulnerabilities Catalog
Tags: cisa, cisco, cybersecurity, exploit, flaw, identity, infrastructure, kev, remote-code-execution, service, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding three high-impact vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These include two unauthenticated remote code execution flaws in Cisco Identity Services Engine (ISE) and one cross-site request forgery (CSRF) vulnerability affecting PaperCut NG/MF software. First seen on thecyberexpress.com Jump to…
-
PoC Exploit Published for Actively Exploited Cisco Identity Services Engine Flaw
Tags: access, cisco, control, cve, cyber, data-breach, exploit, flaw, identity, network, remote-code-execution, service, vulnerability, zero-daySecurity researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-deployed network access control platform and has been actively exploited in the wild. Critical Zero-Day Vulnerability Exposed The vulnerability was…
-
CISA Issues Alert on Cisco Identity Services Engine Flaw Exploited in Active Attacks
Tags: attack, cisa, cisco, cyber, cybersecurity, exploit, flaw, identity, infrastructure, injection, kev, risk, service, threat, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding severe vulnerabilities in Cisco’s Identity Services Engine (ISE) that are being actively exploited by threat actors. The agency added two critical injection vulnerabilities to its Known Exploited Vulnerabilities Catalog on July 28, 2025, signaling immediate risks to organizations using the affected…
-
U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog
U.S. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Cisco confirmed attempted exploitation…
-
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-available-for-critical-cisco-ise-bug-exploited-in-attacks/
-
Cisco Patches Three Critical Vulnerabilities Here are the Products Affected
Three separate vulnerabilities impact Cisco’s identity services. All have been patched. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/security/cisco-ise-vulnerabilities/
-
New Chaos Ransomware Emerges, Launches Wave of Attacks
Cisco Talos warned that the Chaos group, thought to be formed of former BlackSuit members, has launched a wave of attacks targeted a variety of sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chaos-ransomware-wave-attacks/
-
Cisco network access security platform vulnerabilities under active exploitation
The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-identity-services-engines-active-exploits/
-
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025. Cisco confirmed attempted exploitation in the wild of recently disclosed ISE and ISE-PIC flaws (CVE-2025-20281, CVE-2025-20282, CVE-2025-20337), updating its advisory after detecting attacks in July 2025. >>Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE…
-
Maximum severity Cisco ISE vulnerabilities exploited by attackers
One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/23/maximum-severity-cisco-ise-vulnerabilities-exploited-by-attackers/
-
Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access
Tags: access, advisory, cisco, exploit, flaw, identity, incident response, security-incident, service, vulnerabilityCisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation.”In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild,” the company said…
-
Cisco Alerts on ISE RCE Vulnerability Actively Exploited
Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products are being actively exploited in the wild. The flaws, tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, carry the highest possible severity rating, with a CVSS base…
-
ToolShell: Details of CVEs Affecting SharePoint Servers
Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/toolshell-affecting-sharepoint-servers/
-
Botnet Abuses GitHub Repositories to Spread Malware
Hackers Using Amadey Bot to Drops Payloads From Fake GitHub Accounts. Threat actors are using public GitHub repositories to host and distribute malware through the Amadey botnet in an ongoing campaign linked to a broader malware-as-a-service operation, Cisco Talos said in a report published Thursday. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/botnet-abuses-github-repositories-to-spread-malware-a-29014
-
Cisco warns of another critical RCE flaw in ISE, urges immediate patching
Tags: access, ai, api, breach, cisco, communications, credentials, endpoint, exploit, flaw, network, radius, rce, remote-code-execution, risk, update, vulnerability, wifiFaster patching is needed: Barr is concerned about the flaw in finding N-day abuse. “While it’s positive that Cisco is transparent in disclosure and swift in releasing patches, the reality is that patching these types of vulnerabilities, especially in large, distributed enterprise environments, is not instantaneous,” he said. “Restart requirements and dependencies on high-availability setups…