Tag: cisco
-
Think passwordless is too complicated? Let’s clear that up
We’ve relied on passwords for years to protect our online accounts, but they’ve also become one of the easiest ways attackers get in. Cisco Duo helps clear up some of the biggest passwordless myths. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/passwordless-mythbusting-with-cisco-duo/
-
Attacks on Cisco systems under way – US senator takes Cisco to task
First seen on security-insider.de Jump to article: www.security-insider.de/zero-day-schwachstellen-cisco-produkte-us-senator-fordert-aufklaerung-a-4992b84d1a15b834c64df1677a466a60/
-
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response
Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications, mainly via ToolShell targeting SharePoint, for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ir-trends-q3-2025/
-
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose. The TLS-based ELF implant, at its core,…
-
Reducing abuse of Microsoft 365 Exchange Online’s Direct Send
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here’s how to strengthen your defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/reducing-abuse-of-microsoft-365-exchange-onlines-direct-send/
-
Network security devices endanger orgs with ’90s era flaws
Tags: access, application-security, apt, authentication, breach, cisa, cisco, citrix, cloud, control, cve, cyber, cybersecurity, dos, email, endpoint, exploit, finance, firewall, firmware, flaw, government, group, incident response, infrastructure, injection, ivanti, jobs, linux, mitigation, mobile, network, open-source, penetration-testing, programming, regulation, remote-code-execution, reverse-engineering, risk, risk-management, router, service, software, threat, tool, vpn, vulnerability, zero-day
2024 networking and security device zero-day flaws
Product | CVE | Flaw type | CVSS
Check Point Quantum Security Gateways and CloudGuard Network Security | CVE-2024-24919 | Path traversal leading to information disclosure | 8.6 (High)
Cisco Adaptive Security Appliance | CVE-2024-20359 | Arbitrary code execution | 6.6 (Medium)
Cisco Adaptive Security Appliance | CVE-2024-20353 | Denial of service | 8.6 (High)
Cisco Adaptive Security Appliance …
-
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That’s according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions…
-
‘Zero Disco’ campaign hits legacy Cisco switches with fileless rootkit payloads
Effects beyond one-time infection: According to Trend Micro, the campaign affected specific Cisco families, including 9400, 9300, and legacy 3750G switches. Affected organizations face more than a one-off compromise as infected switches can provide attackers a long-term, stealthy platform for lateral movement, data interception, or further payload delivery. Parts of the exploit are fileless or volatile,…
-
Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)
Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. The operation … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/17/hackers-used-cisco-zero-day-to-plant-rootkits-on-network-devices-cve-2025-20352/
-
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks
Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications…
-
Critical Cisco IOS and IOS XE Flaws Allow Remote Code Execution
Cisco has disclosed a serious security vulnerability affecting its IOS and IOS XE Software that could allow attackers to execute remote code or crash affected devices. The flaw, tracked as CVE-2025-20352, resides in the Simple Network Management Protocol (SNMP) subsystem and carries a CVSS score of 7.7, marking it as a high-severity threat. Overview of…
-
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in ‘Zero Disco’ Attacks
Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple…
-
North Korean operatives spotted using evasive techniques to steal data and cryptocurrency
Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection. First seen on cyberscoop.com Jump to article: cyberscoop.com/north-korea-attackers-evasive-techniques-malware/
-
Operation Zero Disco: Threat actors targets Cisco SNMP flaw to drop Linux rootkits
Hackers exploit Cisco SNMP flaw CVE-2025-20352 in “Zero Disco” attacks to deploy Linux rootkits on outdated systems, researchers report. Trend Micro researchers disclosed details of a new campaign, tracked as Operation Zero Disco, that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected…
-
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/
-
NK’s Famous Chollima Use BeaverTail and OtterCookie Malware in Job Scam
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack. First seen on hackread.com Jump to article: hackread.com/nk-famous-chollima-beavertail-ottercookie-malware/
-
New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence
Trend Micro have reported a campaign exploiting a flaw in Cisco SNMP to install Linux rootkits on devices. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rootkit-campaign-exploits-cisco/
-
North Korean Hackers Deploy BeaverTail-OtterCookie Combo for Keylogging Attacks
Researchers at Cisco Talos have uncovered a sophisticated campaign by the Famous Chollima subgroup of Lazarus, wherein attackers deploy blended JavaScript tools, BeaverTail and OtterCookie, to carry out stealthy keylogging, screenshot capture, and data exfiltration. This cluster of activity, part of the broader “Contagious Interview” operation, has evolved significantly since first noted, blurring lines between…

