Monday , May 20 2024

Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

infosecbulletin Saturday , September 9 2023 International

Cisco recently detected a zero-day vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability has been targeted by Akira ransomware attacks since August. The vulnerability, known as CVE-2023-20269, has a CVSS score of 5.0 and is of medium severity. It affects the remote access VPN feature of Cisco ASA and FTD. The vulnerability can be exploited remotely without authentication through brute force attacks.

ALSO READ:

BCSI BLOG POST
SonicWALL Vulnerability Traded; threating for Corporate network in Bangladesh

By infosecbulletin / Monday , May 20 2024
SonicWALL SSL-VPN provides secure remote access to an organization's internal network and resources through an encrypted SSL connection. This kind...
Read More
BCSI BLOG POST SonicWALL Vulnerability Traded; threating for Corporate network in Bangladesh

Banking trojan Grandoreiro targeting about 1,500 banks over 60 countries

By infosecbulletin / Monday , May 20 2024
The banking trojan "Grandoreiro" is spreading widely through a phishing campaign in over 60 countries, aiming at customer accounts of...
Read More
Banking trojan Grandoreiro targeting about 1,500 banks over 60 countries

Australian gov.t warns of ‘large-scale ransomware data breach’

By infosecbulletin / Saturday , May 18 2024
Australian police are investigating a big data breach in a healthcare company after a ransomware attack on Thursday. The website...
Read More
Australian gov.t warns of ‘large-scale ransomware data breach’

Patch Now: CISA Warns of Actively Exploited D-Link Router Vulnerabilities

By infosecbulletin / Saturday , May 18 2024
he U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that two security flaws in D-Link routers have been added to...
Read More
Patch Now: CISA Warns of Actively Exploited D-Link Router Vulnerabilities

New “Antidot” Banking Trojan disguised Fake Google Play Updates

By infosecbulletin / Saturday , May 18 2024
The "Antidot" Android Banking Trojan pretends to be a Google Play update app and targets Android users in different regions....
Read More
New “Antidot” Banking Trojan disguised Fake Google Play Updates

CISA Published Encrypted DNS Implementation Guidance

By infosecbulletin / Saturday , May 18 2024
CISA published a guide on using Encrypted Domain Name System (DNS) for federal civilian agencies to improve cybersecurity and meet...
Read More
CISA Published Encrypted DNS Implementation Guidance

Cyble Research
Transparent Tribe & SideCopy: A Cyber Alliance Targeting India

By infosecbulletin / Friday , May 17 2024
Cyble Research and Intelligence Labs found that two cyber threat groups, Transparent Tribe (APT36) and SideCopy, are using advanced strategies...
Read More
Cyble Research Transparent Tribe & SideCopy: A Cyber Alliance Targeting India

Recordedfuture report
Hackers Exploit GitHub to Spread Malware targeting operating systems

By infosecbulletin / Friday , May 17 2024
Recorded Future's Insikt Group has discovered a major cyber threat campaign carried out by Russian-speaking hackers, possibly located in the...
Read More
Recordedfuture report Hackers Exploit GitHub to Spread Malware targeting operating systems

ALERT
CISA issued Seventeen Industrial Control Systems Advisories

By infosecbulletin / Friday , May 17 2024
ISA issued seventeen advisories about Industrial Control Systems (ICS) on May 16, 2024. These advisories give important information about security...
Read More
ALERT CISA issued Seventeen Industrial Control Systems Advisories

Intel released 41 Security Advisories Over 90 Vulnerabilities

By infosecbulletin / Thursday , May 16 2024
Intel released 41 security advisories this Patch Tuesday, which contain information about over 90 vulnerabilities in their products. The company...
Read More
Intel released 41 Security Advisories Over 90 Vulnerabilities

Hacker group again threat attack Bangladesh 19 September: CIRT Alert

CISCO has published an advisory regarding the issue. CISCO said, the vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.

This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following:

Identify valid credentials that could then be used to establish an unauthorized remote access VPN session.
Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier).

Click here to read the advisory published by CISCO.

Source: Bleeping computer, CISCO

 

Check Also

Flag

Cyble Research
Transparent Tribe & SideCopy: A Cyber Alliance Targeting India

Cyble Research and Intelligence Labs found that two cyber threat groups, Transparent Tribe (APT36) and …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin