#cisco

Threat actors can abuse weaknesses in HTTP request handling to launch damaging browser-based attacks on website users, researcher says.

Executive summary On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate.  During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.  The attacker conducted a series of sophisticated voice phishing attacks under the guise of various trusted organizations attempting to convince the victim to accept multi-factor authentication (MFA) push notifications initiated by the attacker. The attacker ultimately succeeded in achieving an MFA push acceptance, granting them access to VPN in the context of the targeted user.  CSIRT and Talos are responding to the event and we have not identified any evidence suggesting that the attacker gained access to critical internal systems, such as those related to product dev...

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key is stored in memory on a hardware platform that performs hardware-based cryptography. An attacker could exploit this vulnerability by using a Lenstra side-channel attack against the targeted device. A successful exploit could allow the attacker to retrieve the RSA private key. The following conditions may be observed on an affected device: This vulnerability will apply to approximately 5 percent of the RSA keys on a device that is running a vulnerable release of Cisco ASA Software or Cisco FTD Software; not all RSA keys are expected to be affected due to mathematical calculations applied to the RSA key. The RSA key could be valid but have specific characteristics that make it vuln...

A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks. This vulnerability is due to improper validation of input that is passed to the Clientless SSL VPN component. An attacker could exploit this vulnerability by convincing a targeted user to visit a website that can pass malicious requests to an ASA device that has the Clientless SSL VPN feature enabled. A successful exploit could allow the attacker to conduct browser-based attacks, including cross-site scripting attacks, against the targeted user.

.

A former Twitter employee has been pronounced guilty for his role in digging up private information pertaining to certain Twitter users and turning over that data to Saudi Arabia. Ahmad Abouammo, 44, was convicted by a jury after a two-week trial in San Francisco federal court, Bloomberg reported Tuesday. He faces up to 20 years in prison when sentenced. The verdict comes nearly three years

New release also includes enterprise-grade cloud security posture management (CSPM) and YARA-based malware scanning capabilities.

The Black Hat USA conference's silver jubilee is an opportunity to remember its defining moments, the impact it has made on the security community, and its legacy.

Vulnerable path is reachable just once a day, but patches still need to be implemented as a matter of priority

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. For more information about these vulnerabilities, see the Details section of this advisory.