TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 7-Zip bug could allow a bypass of a Windows security feature – update now
January 22, 2025
A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that ...
- Conduent confirms outage was due to a cybersecurity incident
January 22, 2025
U.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident. Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was related ...
- Odds & Ends: Unraveling the Surebet Playbook
January 22, 2025
The global sports betting market has seen explosive growth in recent years, fueled by the rise of online gambling platforms, increased internet access and penetration, and the legalization of betting in numerous countries. As of 2023, research showed that the global sports betting market was valued at around $92.1 billion, with projections suggesting it could ...
- ChatGPT API vulnerability could enable large-scale DDoS attacks
January 21, 2025
A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub. According to Flesch, the flaw lies in the ...
- eCommerce data breach exposes details on half a million users
January 21, 2025
The North Pole Company, a Canadian gift basket delivery service, allegedly suffered a data breach in which half a million customers lost sensitive personal information. The claim was made on BreachForums, a popular underground community where cybercriminals come to share tools, resources, and experiences, to find partners and plan future attacks. As cybersecurity researchers from Incogni ...
- Hit by wave of cyber attacks, Japan shifts to ‘active cyber defence’
January 20, 2025
apan aims to take a more proactive approach to cyber defence by allowing hackers working for the authorities to “attack” pre-emptively to prevent or stop sabotage attempts. Under a new strategy of “active cyber defence”, Japan plans to allow hackers working for the police or Self-Defence Forces (SDF) to infiltrate servers to neutralise the source ...