TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
May 1, 2024
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control ...
- New “Goldoon” Botnet Targeting D-Link Devices
May 1, 2024
In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header. Fortinet IPS ...
- UK: Cyber attack recovery could cost council £500,000
May 1, 2024
The total cost of restoring systems following a cyber attack could cost the Western Isles local authority Comhairle nan Eilean Siar £500,000. A suspected ransomware attack in November caused significant disruption to IT systems at the local authority. The impact led to some bills, including council tax, being delayed. Malcolm Burr, the council’s chief executive, said ...
- The State of Ransomware 2024
April 30, 2024
The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through to severity of attack, financial impact, and recovery time. Based on the findings of a survey of IT/cybersecurity leaders across 14 countries, this year’s report combines year-on-year insights with brand new areas of study. ...
- India Recorded 79 Million Cyber Attacks In 2023, Ranks 3rd Globally
April 30, 2024
India ranked as the third-largest country globally for phishing attacks after the US and UK, with its technology sector facing nearly 33 per cent of all such strikes, marking it as the most targeted industry, according to a report. The report by cybersecurity firm Zscaler showed a 60 per cent rise in global phishing attacks over ...
- Hull City Council suffers nine cyber attacks in three years
April 30, 2024
Hull City Council has paid £30,000 in data breach claims and suffered nine cyber attacks in the past three years, a report has found. The local authority confirmed it’s had nine cyber security incidents since 2021, five of which were phishing attacks (scams where attackers deceive people into revealing sensitive information). An investigation by DataBreachClaims.org.uk revealed ...