Cisco on Monday asked customers to urgently disable the HTTP Server feature on internet-facing systems that was discovered to have a critical vulnerability in its modular operating system’s web interface. Hackers exploited the IOS XE software web user interface feature to gain administrator-level privileges, effectively taking complete control of compromised devices, Cisco Talos said in…

Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases. The vulnerability can be exploited by an attacker to gain administrator privileges and take…

The affected tool is R-SeeNet, which is designed to help network administrators monitor their Advantech routers. Talos researchers discovered that R-SeeNet is affected by seven vulnerabilities, a majority of which have been assigned a critical severity rating. An attacker can exploit the vulnerabilities to execute arbitrary JavaScript code in the targeted user’s browser by getting…

Fileless Powershell malware uses DNS as covert communication channel

Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols, some of which are not always monitored. The latest example is an attack dubbed DNSMessenger, which was analyzed by researchers from Cisco Systems’ Talos team. The attack starts with a malicious Microsoft Word document distributed through…

Attackers Employ Sneaky New Method to Control Trojans

A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says, Security researchers at Cisco’s Talos intelligence and research group have discovered what they describe as an extremely evasive and uncommon way for threat actors to command and to communicate with a Remote Access Trojan…