The threat actor known as IntelBroker has claimed to have breached Cisco systems, exfiltrating 4.5TB of data including source code and other sensitive information. The breach occurred due to an accidental misconfiguration by Cisco, which left its systems open. This incident highlights the risks of misconfigured systems and the potential for sensitive data exposure. The attackers are now offering this data on various cybercrime forums. It’s important for Cisco to investigate this issue and protect its clients as well as its own data.
Cisco has confirmed active exploitation of a decade-old cross-site scripting (XSS) vulnerability (CVE-2014-2120) in its Adaptive Security Appliance (ASA) software’s WebVPN login page. Unauthenticated, remote attackers can conduct XSS attacks against WebVPN users. Cisco strongly recommends upgrading to a fixed software release to remediate this vulnerability. This vulnerability was originally disclosed in 2014 and has recently been actively exploited.
An older Cisco ASA vulnerability, CVE-2014-2120, is being actively exploited in the wild, particularly by the Androxgh0st botnet. While initially considered medium severity, the vulnerability allows cross-site scripting (XSS) attacks, enabling attackers to inject malicious scripts and gain unauthorized access. Cisco has updated its advisory, urging users to update vulnerable ASA versions. The Androxgh0st botnet also leverages other vulnerabilities, highlighting the importance of comprehensive patching and security practices.