Zero-Day Alert: 10K Cisco IOS XE Systems Now Compromised

Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps. [TechWeb]( Follow Dark Reading: [RSS]( October 18, 2023 LATEST SECURITY NEWS & COMMENTARY [Zero-Day Alert: 10K Cisco IOS XE Systems Now Compromised]( Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps. [Watch Out: Attackers Are Hiding Malware in 'Browser Updates']( Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves. [Amazon Quietly Wades Into the Passkey Waters]( The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say. [UAE, US Partner to Bolster Financial Services Cybersecurity]( The two countries agree to share financial services information and provide cross-border training and best practices. [Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack]( Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn. ['Etherhiding' Blockchain Technique Masks Malicious Code in WordPress Sites]( The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers. [Top 6 Mistakes in Incident Response Tabletop Exercises]( Avoid these errors to get the greatest value from your incident response training sessions. [(Sponsored Article) 3 Essential Steps to Strengthen SaaS Security]( SaaS security is broad, possibly confusing, but undeniably crucial. Make sure you have the basics in place: discovery, risk assessment, and user access management. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit]( No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication. [ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic]( The botnet — built for DDoS, backdooring, and dropping malware — is evading standard URL signature detections with a novel approach involving Hex IP addresses. ['RomCom' Cyber Campaign Targets Women Political Leaders]( A threat group known as "Void Rabisu" used a spoofed Women Political Leaders Summit website to target attendees to the actual conference with espionage malware. [MORE]( EDITORS' CHOICE [How MOVEit Is Likely to Shift Cyber Insurance Calculus]( Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say. LATEST FROM THE EDGE [Name That Edge Toon: Office Artifacts]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Data Security and Collaboration in the Modern Enterprise]( The CISO Survival Guide explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future. LATEST FROM DR GLOBAL [Malicious 'Airstrike Alert' App Targets Israelis]( A spoofed version of the popular RedAlert app collects sensitive user data on Israeli citizens, including contacts, call logs, SMS account details, and more. WEBINARS - [Building an Effective Active Directory Security Strategy]( For many organizations, Microsoft's Active Directory is the source of truth for user identity and system access. For criminals, Active Directory is a gold mine of information for moving laterally through the corporate infrastructure. Despite its importance, many security teams ... - [When Tech Converges, Orgs Consolidate: Navigating Change Across your Security Platforms]( Convergence trends across both Web Application and API Protection (WAAP) and Secure Access Service Edge (SASE) are no coincidence. Modern organizations need the multiplicative value these security platform approaches provide, with underlying capabilities that were designed to work together. And ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( - [Threat Intelligence: Data, People and Processes]( - [Global Perspectives on Threat Intelligence]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [What Ransomware Groups Look for in Enterprise Victims]( Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ... - [Everything You Need to Know About DNS Attacks]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Kaspersky Launches Specialized Security Solution for Containerized Environments]( [DigiCert Announces Comprehensive Discovery of Cryptographic Assets]( [Appdome Announces Attack Evaluation Tools in Digital Economy's Mobile XDR]( [New Malwarebytes Survey: Consumers Lack Trust in New Tech]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118787&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_10.18.23&sp_cid=50171&utm_content=DR_NL_Dark%20Reading%20Daily_10.18.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#28 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)