Cisco customers hit by fresh wave of zero-day attacks from China-linked APT

Source: CyberScoop

Author: Matt Kapko

URL: https://cyberscoop.com/cisco-zero-day-attacks-china-apt/

ONE SENTENCE SUMMARY:

A China-linked threat group is exploiting a zero-day vulnerability in Cisco email and web security software, affecting systems with exposed configurations.

MAIN POINTS:

  1. Cisco identified a critical zero-day vulnerability in its email and web security software.
  2. The vulnerability allows execution of commands with unrestricted privileges on compromised devices.
  3. The Chinese APT group UAT-9686 is exploiting this vulnerability.
  4. No patch is currently available for the identified vulnerability.
  5. Attacks specifically target systems with a publicly exposed spam quarantine feature.
  6. Cisco advises customers to follow its mitigation guidance to reduce risk.
  7. The vulnerability has a CVSS score of 10, indicating severe impact.
  8. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog.
  9. Earlier attack campaigns also targeted Cisco systems, exploiting different vulnerabilities.
  10. Cisco denies any connection between the recent and earlier attack campaigns.

TAKEAWAYS:

  1. Ensure the spam quarantine feature is not publicly exposed to mitigate risk.
  2. Monitor Cisco advisories for updates on the availability of patches.
  3. Implement security measures based on Cisco's guidance to protect against potential threats.
  4. Recognize the persistent threat from Chinese APT groups exploiting Cisco vulnerabilities.
  5. Understand the importance of secure configuration in preventing exploitation.