web analytics

Cisco Patches an Exploited Zero-Day Vulnerability – Source: www.databreachtoday.com

cisco-patches-an-exploited-zero-day-vulnerability-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Network Firewalls, Network Access Control

China-Nexus Hackers Velvet Ant Exploited the Bug in April, Cisco and Sygnia Say

Rashmi Ramesh (rashmiramesh_) •
July 2, 2024    

Cisco Patches an Exploited Zero-Day Vulnerability
Image: Shutterstock

Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary commands as root on the compromised devices.

See Also: Close the Case on Ransomware

The threat group, dubbed Velvet Ant, remotely connected to Cisco’s NX-OS software used in switches and executed malicious code. The networking giant in an advisory attributes the discovery to cybersecurity firm Sygnia.

Tracked as CVE-2024-20399, the command injection vulnerability allows an authenticated local attacker to execute arbitrary commands as root.

Network appliances, particularly switches, are often unmonitored, and their logs are frequently not forwarded to a centralized logging system. This already creates “significant challenges” in identifying and investigating malicious activities, Sygnia said. But a lack of log review may not have mattered with this flaw. The vulnerability gives the user administrator privileges to carry out commands without triggering system syslog messages, making it easier to conceal the execution of shell commands.

The vulnerability is rated 6 on the CVSS scale despite its code execution capabilities and the widespread use of Cisco Nexus switches in enterprise environments such as data centers. The score is low because most Nexus switches are not directly exposed to the internet, meaning the attacker would need to already have initial access by possessing admin credentials and specific command configurations for the exploitation to be successful.

Despite the prerequisites necessary to exploit the vulnerability, the incident “demonstrates the tendency of sophisticated threat groups to leverage network appliances, which are often not sufficiently protected and monitored, to maintain persistent network access,” Sygnia said.

The potentially state-sponsored threat actor last month used outdated F5 BIG-IP appliances to execute custom malware in order to steal customer and financial data from an undisclosed East Asian company, and the campaign went undetected for three years.

For the new vulnerability, Cisco advises companies to change admin credentials and monitor activity as a preventive measure. Admins can check their devices’ exposure on the software checker page.

Original Post url: https://www.databreachtoday.com/cisco-patches-exploited-zero-day-vulnerability-a-25682

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

FERMA
THE ROADMAP TO STRATEGIC RISK MANAGEMENT
THE ROADMAP TO STRATEGIC RISK...
ENISA-EUROPA
Cyber Resilience Act Requirements Standards Mapping
Cyber Resilience Act Requirements Standards...
CYTAD
Essential Data Privacy Checklist
Essential Data Privacy Checklist
SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source...
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications...
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications

More Latest Published Posts

Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate
ENISA
Best Practices for Cyber Crisis Management
Best Practices for Cyber Crisis Management
viehgroup
AWS Cloud Security Checklist
AWS Cloud Security Checklist
DevSecOps Guide
Attacking .NET
Attacking .NET
IGNITE Technologies
Advance Burp Suite Pentester Training (Online)
Advance Burp Suite Pentester Training (Online)
LogRhythm
Using MITRE ATT&CK™in Threat Huntingand Detection
Using MITRE ATT&CK™in Threat Huntingand Detection
INCIDENT RESPONSE PLAN
INCIDENT RESPONSE PLAN
NIST CSF 2.0
Incident Response Recommendations and Considerations for Cybersecurity Risk Management
Incident Response Recommendations and Considerations for Cybersecurity Risk Management
GmFaruk
Identity and Access Management Policy
Identity and Access Management Policy
UK HM Government
National Cyber Strategy 2022
National Cyber Strategy 2022
NSA
NSA Network Infrastructure Security Guide
NSA Network Infrastructure Security Guide
NIST
NIST Policy Template Guide
NIST Policy Template Guide
Thecyphere
Malware prevention tips for businesses
Malware prevention tips for businesses
ministry of security
MERGERS AND ACQUISITIONS
MERGERS AND ACQUISITIONS
THE LINUX FUNDATION
Linux Privilege Escalation
Linux Privilege Escalation
LogRhythm
How to build a SOC with limited resources
How to build a SOC with limited resources
Kubernetes
Kubernetes and Cloud Native Associate (KCNA) Study Guide
Kubernetes and Cloud Native Associate (KCNA) Study Guide
Australian Government
Management structures and responsibilities
Management structures and responsibilities
Hacker Combat
How are Passwords Cracked ? by Hacker Combat.
How are Passwords Cracked ? by Hacker Combat.
N/A
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Sectrio
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
ISA SECURE
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components