Article 6EK9P Cisco security appliance 0-day is under attack by ransomware crooks

Cisco security appliance 0-day is under attack by ransomware crooks

by
Dan Goodin
from Ars Technica - All content on (#6EK9P)
cisco-800x533.jpg

Enlarge / Cisco Systems headquarters in San Jose, California, US, on Monday, Aug. 14, 2023. Cisco Systems Inc. is scheduled to release earnings figures on August 16. Photographer: David Paul Morris/Bloomberg via Getty Images

Cisco on Thursday confirmed the existence of a currently unpatched zero-day vulnerability that hackers are exploiting to gain unauthorized access to two widely used security appliances it sells.

The vulnerability resides in Cisco's Adaptive Security Appliance Software and its Firepower Threat Defense, which are typically abbreviated as ASA and FTD. Cisco and researchers have known since last week that a ransomware crime syndicate called Akira was gaining access to devices through password spraying and brute-forcing. Password spraying, also known as credential stuffing, involves trying a handful of commonly used passwords for a large number of usernames in an attempt to prevent detection and subsequent lockouts. In brute-force attacks, hackers use a much larger corpus of password guesses against a more limited number of usernames.

Ongoing attacks since (at least) March

An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials," Cisco officials wrote in an advisory. A successful exploit could allow the attacker to achieve one or both of the following:

Read 9 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments