IOS XE zero-day attacks compromised around 10,000 Cisco devices
By MYBRANDBOOK
Over 10,000 Cisco IOS XE devices have been compromised by attackers who used a key zero-day defect that was just recently made public in order to implant malware. Enterprise switches, aggregation and industrial routers, access points, wireless controllers, and other items are among the equipment running Cisco IOS XE software.
As per threat intelligence company VulnCheck, the maximum severity vulnerability (CVE-2023-20198) has been extensively exploited in attacks targeting Cisco IOS XE systems with the Web User Interface (Web UI) feature enabled, that also have the HTTP or HTTPS Server feature toggled on.
VulnCheck scanned internet-facing Cisco IOS XE web interfaces and discovered thousands of infected hosts. The company has also released a scanner to detect these implants on affected devices.
Cisco cautioned administrators to disable the vulnerable HTTP server feature on all internet-facing systems until a patch becomes available.
Cisco detected the CVE-2023-20198 attacks in late September following reports of unusual behavior on a customer device received by Cisco's Technical Assistance Center (TAC). Evidence of these attacks' dates back to September 18, when the attackers were observed creating local user accounts named "cisco_tac_admin" and "cisco_support."
Moreover, the attackers deployed malicious implants using CVE-2021-1435 exploits and other unknown methods, enabling them to execute arbitrary commands at the system or IOS levels on compromised devices.
"We assess that these clusters of activity were likely carried out by the same actor. Both clusters appeared close together, with the October activity appearing to build off the September activity. The first cluster was possibly the actor's initial attempt and testing their code, while the October activity seems to show the actor expanding their operation to include establishing persistent access via deployment of the implant," Cisco said.
The company also issued a "strong recommendation" for administrators to look for suspicious or recently created user accounts as potential signs of malicious activity linked to this threat.
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
ATRIE TECHNOLOGY PVT. LTD.
SAMSUNG INDIA ELECTRONICS PVT. LTD.
BHARAT ELECTRONICS LTD.
CENTRE FOR DEVELOPMENT OF TELEMATICS
Technology Icons Of India 2023: Lt Gen (Dr.) Rajesh Pant (Retd.)
LT Gen(Dr.) Rajesh Panth (Retd.), National cyber security coordination...
Technology Icons Of India 2023: Girish Mathrubootham
Girsh Mathrubootham envisioned and co-founded Freshworks. Freshworks, ...
Technology Icons Of India 2023: Mukesh D. Ambani
An Indian billionaire businessman Mukesh Dhirubhai Ambani is currently...
BSE provides highly secure, efficient and transparent market for trading
BSE (formerly known as Bombay Stock Exchange Ltd.) is Asia's first & t...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
TCIL continues to strengthen India with its technology expertise
TCIL undertakes consultancy & turnkey projects in the field of Telecom...
IVALUE INFOSOLUTIONS PVT. LTD.
: iValue Info Solutions is a value added distributor, provides solutio...
Crayon Software Experts India Pvt Ltd
Crayon helps its customers build the commercial and technical foundati...
RAH INFOTECH
RAH Infotech is India’s fastest growing technology value added dist...