Cisco plans to release a patch for two zero-day flaws in its IOS XE devices on October 22. The first Cisco zero-day bug, which is named CVE-2023-20198, was reported on Oct. 16. By the time it was found, it had already been used by attackers to compromise over 10,000 Cisco devices. Cisco believes that all cyberattacks on its IOS XE devices are being perpetrated by the same threat actor.
Cisco updated its threat advisory on Oct. 20 and identified a new, previously unknown flaw, referred to as CVE-2023-20273. The flaw has a CVSS score of 7.2, which is slightly less severe. Both bugs are part of the same exploit chain.
Attackers used the first bug to gain initial access, and the second bug to escalate privileges after authentication, as stated in an email from Cisco announcing the upcoming patch release.
Cisco has clarified that they made a mistake in their earlier report about the bug. Initially, they thought the threat actor had combined a new zero-day with a patched vulnerability from 2021, which could have allowed the attacker to bypass the patch.
However, Cisco has now dismissed this theory in a company statement. “The CVE-2021-1435 that had previously been mentioned is no longer assessed to be associated with this activity,” it said.