Fox-IT observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding. "This explains the much discussed plummet of identified compromised systems in recent days. Using a different fingerprinting method, Fox-IT identifies 37890 Cisco devices that remain compromised." Link: https://www.linkedin.com/posts/fox-it_2_important-we-have-observed-that-the-implant-activity-7122238350849150976-Qy1-/
❗📢 A #vulnerability in #Citrix NetScaler ADC and Gateway (CVE-2023-4966) is being actively exploited. Remote attackers can obtain sensitive information such as credentials without authentication.
"🚨 Critical Vulnerability in Cisco IOS XE Software Web UI! 🚨"
Cisco has identified a critical privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software. If exposed to the internet or untrusted networks, this flaw allows remote, unauthenticated attackers to create an account with privilege level 15 access, potentially gaining control of the affected system. 🕸️💻
Cisco is actively aware of the exploitation of this vulnerability. The issue was discovered during the resolution of multiple Cisco TAC support cases. There are currently no workarounds available. However, Cisco recommends disabling the HTTP Server feature on all internet-facing systems as a precautionary measure. 🚫🌐
For more details and to check if your system might be affected, visit the official advisory: Cisco Security Advisory
Looks like Microsoft has released patches against CVE-2023-4863 and CVE-2023-5217 vulnerabilities for Microsoft Edge, Teams and Skype. The patches revolve around the vulnerable libvpx & libwebp open source libraries used by these products. Update now!
Post by ProDaft:
“Many popular ransomware groups started to weaponize CVE-2023-42793 and added the exploitation phase in their workflow.
Our #BLINDSPOT platform has detected multiple organizations already exploited by threat actors over the last three days.
Unfortunately, most of them will have a huge headache in the upcoming weeks.
Ensure your CI/CD pipeline is secure and you have applied patches correctly. #patchNOW”
• Last edited 8:54 PM • Oct 1, 2023
Threat intelligence company #Greynoise is warning that malicious actors are starting to exploit the recent #Citrix #ShareFile vulnerability.
Tracked as CVE-2023-24489, the vulnerability has a #CVSS score of 9.1/10. If successfully exploited, it would allow attackers to perform remote code execution.