TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Intruders at HealthEquity rifled through storage, stole 4.3M people’s data
July 29, 2024
HealthEquity, a US fintech firm for the healthcare sector, admits that a “data security event” it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.… The incident began in March but was only detected in June. The company said in a ...
- Millions more victims exposed in debt collection agency data breach
July 29, 2024
It seems that the data breach at the debt collection agency Financial Business and Consumer Solutions (FBCS) was a lot bigger than initially thought. After first reporting some 1.9 million victims, the company now says that more than 4.2 million were actually affected. In late April, it was reported that FBCS suffered a cyberattack two months ...
- Georgia: Columbus hit by data breach, officials say not considered ransomware incident
July 29, 2024
Columbus experienced a data breach last Wednesday, the same day as an internet outage, city officials say. The only information believed to have been accessed are employees’ names, work emails and passwords, according to Mike Richardson, the city’s director of security and risk. He said no employee’s personal financial information was compromised. All employee passwords were ...
- Northern Ireland: Man arrested in connection with PSNI data breach
July 29, 2024
Detectives investigating criminality linked to the PSNI data breach have arrested a 54-year-old man. Data relating to all 9,483 PSNI officers and staff was mistakenly included in a spreadsheet published online last August in response to a freedom of information request. The list included the surname and first initial of every employee, their rank or grade, ...
- Investigators probe suspected sabotage of French fiber optic network
July 28, 2024
The disruptions occurred early Wednesday, hitting several — but not all — internet operators. Authorities suggested the damage to the cables was intentional. The prosecutor’s office opened a preliminary investigation on charges of “damaging goods of a nature of harming the fundamental interests of the nation,” as well as “obstruction of an automatic data processing system” ...
- CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
July 26, 2024
Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). SSRF occurs when the server can be induced to perform arbitrary requests on behalf of an attacker. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web ...