TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Frontier Communications: 750k people’s data stolen in April attack on systems
June 7, 2024
Frontier Communications has confirmed more than 750,000 individuals were affected in an April cyberattack on its systems, according to a regulatory filing. Lawyers representing the major US telco told the Office of the Maine Attorney General that data belonging to 751,895 people was stolen. The data types impacted, according to the filing, are limited to names ...
- Telangana Police hit by second major data breach in a week as TSCOP App compromised
June 7, 2024
Just a week after the hacking incident involving Telangana police’s HawkEye app, another app, TSCOP, has been compromised as well. As a result, policerelated data is currently available for sale on online forums. The same hacker responsible for the breach of HawkEye is behind this security lapse. The TSCOP app user data is being sold online ...
- CoinGecko confirms email provider data breach, over 23,000 phishing emails sent
June 7, 2024
Cryptocurrency data aggregator CoinGecko has confirmed a data breach suffered by its third-party email management platform GetResponse. Following yesterday’s reports of a new wave of crypto airdrop scams, CoinGecko confirmed that GetResponse suffered a data breach on June 5, allowing attackers to export the contact information of over 1.9 million CoinGecko users. Read more… Source: CoinTelegraph Sign up for ...
- Microsoft Recall snapshots can be easily grabbed with TotalRecall tool
June 6, 2024
Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a ...
- Hundreds of Snowflake customer passwords found online are linked to info-stealing malware
June 5, 2024
Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand if their stores of cloud data have been compromised. Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts ...
- RansomHub: New Ransomware has Origins in Older Knight
June 5, 2024
RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware. Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. ...