CISO Brief

All news with #cisco tag

209 articles · page 11 of 11

Joint Advisory Reveals Salt Typhoon APT Techniques Worldwide

🔍 Salt Typhoon, a Chinese state-aligned APT also tracked as Operator Panda/RedMike, is the subject of a joint advisory from intelligence and cybersecurity agencies across 13 countries. The report links the group to Chinese entities tied to the PLA and MSS and documents repeated exploitation of n-day flaws in network edge devices from vendors such as Ivanti, Palo Alto Networks and Cisco. It details persistence via ACL modifications, tunneled proxies, credential capture via RADIUS/TACACS+, and exfiltration over peering and BGP, and urges telecoms to hunt for intrusions, patch quickly and harden management interfaces.

Salt Typhoon Exploits Router Flaws to Breach 600 Orgs

🔒 Salt Typhoon, a China-linked APT, exploited vulnerabilities in Cisco, Ivanti, and Palo Alto Networks edge devices to compromise and persistently control routers worldwide. The actors modified device configurations, created GRE tunnels, and used on-box Linux containers to stage tools and exfiltrate data. Agencies from 13 countries linked the campaign to three Chinese firms and warned of espionage impacting telecoms, government, transport, lodging, and military sectors.

Ten Vulnerabilities in Libbiosig and Multiple Vendors

🔒 Cisco Talos disclosed multiple vulnerabilities affecting libbiosig, Tenda AC6, SAIL, PDF‑XChange Editor, and Foxit PDF Reader. The flaws include integer overflows, heap and stack buffer overflows, out‑of‑bounds reads, authentication and firmware validation weaknesses, and other memory corruption issues that can lead to remote code execution or information disclosure. Vendors have released patches in coordination with Talos, and Snort coverage is available to detect exploitation attempts. Apply vendor updates and detection rules immediately to reduce exposure.

Resurgence of Mirai-Based IoT Malware: Gayfemboy Campaign

🛡️ FortiGuard Labs reports the resurgence of a Mirai-derived IoT malware family, publicly known as “Gayfemboy,” which reappeared in July 2025 targeting vulnerabilities in DrayTek, TP-Link, Raisecom, and Cisco devices. The campaign delivers UPX-packed payloads via predictable downloader scripts named for product families and uses a modified UPX header and architecture-specific filenames to evade detection. At runtime the malware enumerates processes, kills competitors, implements DDoS and backdoor modules, and resolves C2 domains through public DNS resolvers to bypass local filtering. FortiGuard provides AV detections, IPS signatures, and web-filtering blocks; organizations should patch and apply network defenses immediately.

Russian State-Backed Static Tundra Exploits Cisco Devices

🧭 The author opens with a travel anecdote and practical reminders on securing devices while on the road, urging readers to update, back up, and avoid public charging or untrusted Wi‑Fi. The newsletter highlights field-tested precautions including disabling auto-connect, using VPNs or phone hotspots, enabling device tracking, and carrying power banks. It also warns of an active campaign by a Russian state-backed group targeting Cisco devices via CVE-2018-0171, urging immediate patching and hardening.

Static Tundra: Russian State Actor Targets Cisco Devices

🔒 Cisco Talos identifies the threat cluster Static Tundra as a long-running, Russian state-sponsored actor that compromises unpatched and end-of-life Cisco networking devices to support espionage operations. The group aggressively exploits CVE-2018-0171 and leverages weak SNMP community strings to enable local TFTP retrieval of startup and running configurations, often exposing credentials and monitoring data. Talos also observed persistent firmware implants, notably SYNful Knock, and recommends immediate patching or disabling Smart Install, strengthening authentication, and implementing configuration auditing and network monitoring to detect exfiltration and implanted code.

Ransomware Incidents in Japan: H1 2025 Trends and Analysis

🔒 Cisco Talos identified a roughly 1.4× rise in ransomware incidents in Japan during H1 2025, with 68 confirmed cases versus 48 in the same period last year. Attacks continued to focus on small and medium-sized enterprises, with manufacturing the most affected sector. The report highlights active groups such as Qilin, RansomHub and Hunters International and spotlights the emerging Kawa4096/KaWaLocker family. Talos recommends layered defenses including Cisco Secure Endpoint, Secure Email and Secure Malware Analytics, and publishes IOCs for responders.

Talos Discloses Multiple WWBN, MedDream, ThreadX Flaws

🔒 Cisco Talos disclosed multiple vulnerabilities across WWBN AVideo, MedDream PACS Premium, and the Eclipse ThreadX FileX component. The issues include several reflected and stored XSS flaws, a race condition and incomplete blacklist handling in AVideo that can be chained to achieve arbitrary code execution, privilege escalation and credential exposure in MedDream, and a RAM-disk buffer overflow in FileX that can lead to remote code execution on embedded devices. All affected vendors issued patches per Cisco’s disclosure policy, and Talos advises deploying vendor fixes and using Snort rule updates and Talos advisories for detection and mitigation guidance.

Talos and NetHope Equip NGOs with Tailored TTX Decks

🔐 Talos, in collaboration with NetHope and Cisco Crisis Response, developed a customized Backdoors & Breaches expansion deck to help humanitarian aid NGOs improve incident response and proactive security within constrained budgets. The cards model real-world challenges—forced relocation, limited connectivity, and scarce resources—to make tabletop exercises practical and relevant for both technical and non-technical teams. Hundreds of physical decks have been distributed and a U.S.-focused edition was created with NGO-ISAC for domestic organizations. Resources and virtual play options are provided to lower barriers to adoption and scale training.