October 23, 2023 at 06:21PM Cisco has released a patch for a critical bug in its IOS XE software that allowed criminals to exploit thousands of devices. However, the patch seems to be ineffective as the attackers have updated their implants to evade detection. A new variant of the implant hinders identification of compromised systems. … Read more
October 23, 2023 at 04:12PM Casio, the Japanese electronics maker, announced a data breach that exposed the personal information of customers in 150 countries. The breach occurred in the development environment for ClassPad.net, an education web application managed by Casio. The company attributed the breach to an operational error and insufficient security measures. The compromised … Read more
October 23, 2023 at 10:09AM Cisco has released a free software update to address two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise over 50,000 IOS XE devices. The first fixed release available is 17.9.4a, with updates for other releases to be disclosed later. The vulnerabilities are in the web UI of Cisco devices … Read more
October 20, 2023 at 06:17PM Cisco has disclosed two high-severity zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, being actively exploited to compromise Cisco IOS XE devices. The company has found fixes for both vulnerabilities and plans to release them on October 22. Over 40,000 devices have already been compromised. System administrators are urged to disable the vulnerable … Read more
October 18, 2023 at 05:22PM Taiwan-based network equipment vendor D-Link confirms data breach but denies hacker’s claims of severity. Investigation reveals that the stolen data is outdated and doesn’t contain personally identifiable or financial information. D-Link believes the breach occurred through a successful phishing attack on an employee and assures customers that they are unlikely … Read more
October 18, 2023 at 12:09AM D-Link, a Taiwanese networking equipment manufacturer, confirmed a data breach that exposed “low-sensitivity and semi-public information.” The breach originated from an old D-View 6 system and did not contain user IDs or financial information. D-Link denied claims of millions of records being compromised and stated that approximately 700 outdated records … Read more
October 17, 2023 at 04:49PM More than 10,000 Cisco IOS XE devices have been compromised and infected with malicious implants through a zero-day bug. The vulnerability has been exploited in attacks on devices running Cisco IOS XE software with the Web User Interface feature and HTTP/HTTPS Server feature enabled. Security company VulnCheck has released a … Read more
October 17, 2023 at 02:55PM Networking equipment manufacturer D-Link confirmed a data breach in which customer and employee information, including the CEO’s details, were stolen and put up for sale. The attacker claims to have also taken source code for D-Link’s software. The company shut down affected servers, disabled user accounts, and clarified that only … Read more
October 17, 2023 at 09:06AM US authorities have urged network admins to patch a critical vulnerability in Atlassian Confluence Data Center and Server due to ongoing nation-state exploitation. The potential consequences of the exploit are severe, as attackers could create new admin accounts for themselves. The attackers have already demonstrated sophistication by attempting to modify … Read more
October 17, 2023 at 07:12AM Cisco has issued a warning about a zero-day vulnerability, CVE-2023-20198, affecting its IOS XE software. The vulnerability allows remote attackers to gain privileged access and take control of devices, potentially modifying network routing rules and exfiltrating data. Cisco has observed active exploitation of the vulnerability and is working on a … Read more