The Interlock ransomware group has been exploiting a remote code execution (RCE) flaw in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January.
Cisco fixed the security issue (CVE-2026-20131) on March 4 and warned that the flaw could let attackers execute arbitrary Java code as root on unpatched devices.
The Amazon security team said on Wednesday that the Interlock ransomware group had been using the Secure FMC flaw to target company firewalls for over a month before it was fixed.
The attack sends crafted HTTP requests to a specific point in the affected software to execute arbitrary Java code. The compromised system then sends an HTTP PUT request to an external server to confirm that the exploit succeeded. After that, commands are issued to fetch an ELF binary from a remote server, which holds other tools related to Interlock.
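A defender-side sketch of the sequence described above, added here as an example and not taken from Amazon's or Cisco's reporting: it correlates an outbound HTTP PUT from a management host with a later ELF download in egress logs. The log format, addresses, host list and 10-minute window are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed egress records (not real telemetry):
# time, source host, method, destination, first response bytes as hex ("-" if none)
SAMPLE_LOG = """\
2026-01-26T03:10:02 10.0.5.20 GET 10.0.5.1 3c68746d
2026-01-26T03:14:41 10.0.5.20 PUT 198.51.100.7 -
2026-01-26T03:15:09 10.0.5.20 GET 203.0.113.44 7f454c46
2026-01-26T04:00:00 10.0.9.33 PUT 198.51.100.9 -
2026-01-26T09:30:00 10.0.5.20 GET 203.0.113.80 7f454c46
"""

ELF_MAGIC = "7f454c46"          # "\x7fELF" file signature
WINDOW = timedelta(minutes=10)  # assumed correlation window
# Explicit internal ranges (assumed); ip_address.is_private would also
# match the documentation ranges used in the sample data.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

def parse(log):
    """Yield (time, src, method, dst, magic) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, method, dst, magic = parts
        yield (datetime.fromisoformat(ts), src, method.upper(),
               ipaddress.ip_address(dst), magic.lower())

def find_put_then_elf(log, mgmt_hosts, window=WINDOW):
    """Flag management hosts that sent an external PUT and then fetched
    an ELF from an external host within `window`."""
    last_put, hits = {}, []
    for ts, src, method, dst, magic in sorted(parse(log), key=lambda r: r[0]):
        if src not in mgmt_hosts or any(dst in net for net in INTERNAL):
            continue  # only external traffic from watched hosts
        if method == "PUT":
            last_put[src] = (ts, dst)
        elif method == "GET" and magic.startswith(ELF_MAGIC) and src in last_put:
            put_ts, put_dst = last_put[src]
            if ts - put_ts <= window:
                hits.append((src, put_ts, str(put_dst), ts, str(dst)))
    return hits

if __name__ == "__main__":
    for hit in find_put_then_elf(SAMPLE_LOG, {"10.0.5.20"}):
        print(hit)
```

A management appliance rarely has a reason to send PUT requests to, or download executables from, arbitrary external hosts, so either event alone is worth reviewing even when the pair does not correlate.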
“While looking for any current or past exploits of this vulnerability, our research found that Interlock was exploiting this vulnerability 36 days before its public disclosure, beginning January 26, 2026,” said CJ Moses, CISO of Amazon Integrated Security.
“This wasn’t just another vulnerability exploit, Interlock had a zero-day in their hands, giving them a week’s head start to compromise organizations before defenders even knew to look.”

“On March 4, 2026, Cisco issued a security advisory disclosing a vulnerability in the web interface of Cisco Secure Firewall Management Center Software,” Cisco told BleepingComputer on Wednesday in an email statement after publishing. “We appreciate Amazon’s partnership on this, and we have updated our security advisory with the latest information. We strongly urge customers to upgrade as soon as possible and reference our security advisory for more details and guidance.”
Since the start of the year, Cisco has fixed many security flaws that were exploited by attackers. For example, in January it fixed a serious Cisco AsyncOS flaw that had been used to break into secure email devices since November, as well as an important Unified Communications RCE that was also used in attacks.
Last month, Cisco fixed a serious flaw that was exploited as a zero-day to bypass Catalyst SD-WAN login. This let attackers take control of controllers and add malicious rogue peers to specific networks.
