Cisco Security Advisory: Actively exploited Zero-Day CVE-2023-20198 Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. "Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system."
I was looking at bot activity, and we have a bot with the user agent of just "curl" hitting the front page repeatedly. It is using an IP (193.247.73.226) in Moscow that has the reverse DNS "a3-docker7-svo.v6.ag1.thousandeyes.com" which maps back to the IP, so it's legitimate, and is owned by #cisco it would appear:
@patrickcmiller CVE-2023-20109 (CVSSv3: 6.6 medium severity, disclosed 27 September 2023) Cisco discovered attempted exploitation of the GET VPN feature and conducted a technical code review of the feature.
Auch im September ist wieder viel passiert: #Cisco kauft Splunk und OpenTF wandert als OpenTofu unter den Deckmantel der #Linux Foundation. LTS-Kernel sollen zukünftig nur für 2 statt 6 Jahre gepflegt werden. Google feiert das 25-jährige Bestehen und Chrome verärgert erneut mit FLoC. GitLab arbeitet an ActivityPub-Support. GNOME 45 und Fedora 39 Beta erscheinen und #openSUSE stellt mit Slowroll eine neue Distribution vor.
Cisco Systems Inc. agreed to buy cybersecurity company Splunk Inc. in a deal valued at about $28 billion, creating one of the world’s largest software companies.The combination will help make companies more resilient to cybersecurity threats, according to the statement....
Splunk is one of the most popular destinations in syslog-ng. I wonder how this acquisition will influence this. Will it make Splunk even stronger, or other log #analytics tools get now a chance? #LogManagement
Cisco to Buy Splunk for $28 Billion in Giant AI-Powered Data Bet (Paywalled) (www.bloomberg.com)
Cisco Systems Inc. agreed to buy cybersecurity company Splunk Inc. in a deal valued at about $28 billion, creating one of the world’s largest software companies.The combination will help make companies more resilient to cybersecurity threats, according to the statement....