Black Friday 2023 is right around the corner and deals on AMD, & Intel CPUs are already live, offering some amazing discounts to PC gamers.
18.10.2023 - 17:04 / pcmag.com
The number of Cisco devices hijacked through a newly discovered attack has risen to over 30,000, according to the latest findings from security researchers.
Security vendor Censys has been tracking the threat, and observed 34,140 Cisco devices that appear to have been compromised by a critical vulnerability in the company’s IOS XE software.
“The United States has the majority of compromises, with 4,659 devices having the backdoor installed, along with the Philippines close behind with over 3,200 compromised hosts,” Censys says in its report.
The IOS XE software is used across Cisco switches, routers, and wireless controller products, meaning a large swath of networking equipment has likely been hijacked. The vulnerability, dubbed CVE-2023-20198, is so powerful it can pave the way for a full takeover of a Cisco device, enabling a hacker to spy on traffic or serve users phishing pages loaded with malware.
Censys has been trying to identify which users could be affected. The company’s scans of the affected Cisco devices reveal many of them belong to “telecommunications companies offering internet services to both households and businesses.”
For example, 469 of the compromised Cisco devices were registered to AT&T. "While commonly linked with residential internet access, it (AT&T) also delivers business solutions, evident in its use of the enterprise-grade Cisco (XE) router. As a result, the primary targets of this vulnerability are not large corporations but smaller entities and individuals who are more susceptible,” Censys says.
Cisco has suggested that a single hacking group is behind the mass exploitation, which was first detected last month. It appears the group has since been abusing the flaw at a rapid rate when no patch exists to fix the problem. On Wednesday, nonprofit security group Shadowserver said it’s also detected over 32,800 devices compromised through the vulnerability.
However, Cisco tells PCMag it’s been scrambling to stamp out the threat. “We are working non-stop to provide a software fix and we strongly urge customers to take immediate action as outlined in the security advisory. Cisco will provide an update on the status of our investigation through the security advisory,” the company said in a statement.
How long it’ll take for Cisco to release the patch was left unsaid. In the meantime, the company is urging customers to scan whether their devices were compromised and to disable “the HTTP Server feature” on them.
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy.
Black Friday 2023 is right around the corner and deals on AMD, & Intel CPUs are already live, offering some amazing discounts to PC gamers.
We are happy to share that 11.11 Festival this year starts from 3rd till 16th November 2023, and players will be able to purchase PlayStation 5 consoles for up to SGD 160 / MYR 550 / THB 4,200/ IDR 1,820,000 / VND 2,900,000 off at participating retailers in Singapore, Malaysia, Thailand, Indonesia and Vietnam.
Black Friday 2023 is right around the corner and deals on NVIDIA, AMD, & Intel GPUs are already live, offering some amazing discounts to PC gamers.
Yesterday, Canada banned the use of WeChat and Kaspersky's suite of security apps on all government-issued mobile devices. The apps will be uninstalled and any attempt to download them again will be blocked.
Update: Pulse Explore wireless earbuds, Pulse Elite wireless headset, and additional PlayStation Link USB adapters will be available to pre-order starting Friday, November 24th. Preorders will be available through PlayStation Authorized Dealers and Sony Centres in Singapore, Malaysia, Thailand, Indonesia, Philippines, and Vietnam.
A Russian-speaking hacking group obtained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice as part of the sprawling MOVEit hack last summer, according to a report on the wide-ranging attack obtained through a Freedom of Information Act request.
It's common knowledge that Google pays Apple to be the default search engine on Apple devices, but the exact amount has been the subject of much debate. Typical guesses are north of $10 billion, but two sources tell The New York Times that the bill was "around $18 billion" in 2021.
On Tuesday, more than 30 US States filed a lawsuit against Meta Platforms over the allegations of using features on Instagram and Facebook to lure children to these platforms and get them hooked on harmful content. Following closely on the heels of that, Union Minister Rajeev Chandrasekhar has reacted and said that social media platforms will have to be more accountable for the content that circulates there. He also highlighted that these platforms must ensure they do not cause harm to Indian citizens.
On Tuesday, Meta was served a lawsuit by more than 30 US states, including 8 individual lawsuits from states, over the alleged use of features in Instagram and Facebook to lure children to the platform and get them hooked on harmful content. This fresh case has again opened the longstanding issue of companies exploiting children, one of the most vulnerable demographics of any digital user base in order to gain profit. However, Meta is not the only one to blame here. For years, many tech firms including Google, Microsoft, Apple, and others have faced similar lawsuits for failing to protect underage users.
Qualcomm previewed a new feature at its Snapdragon Summit in Maui that promises a less fractured multiple-device lifestyle—as long as those devices run Android or Windows.
In a recent case of online fraud, the Central Bureau of Investigation (CBI) has taken action against a man from Ahmedabad who swindled a US citizen by pretending to be a senior executive from a big company's fraud department. It is alleged that Ramavat Shaishav used fake identities to deceive the victim to part with their cryptocurrency.
Telecom gear maker Nokia said Thursday that it is planning to cut up to 14,000 jobs worldwide, or 16% of its workforce, as part of a push to reduce costs following a plunge in third-quarter sales and profit.