TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Massachusetts healthcare provider warns patients of data breach
March 29, 2024
A Massachusetts healthcare provider is warning patients of a recently discovered data breach that compromised some personal information. Brigham and Women’s Physician Organization, a Mass General Brigham Incorporated member, is notifying individuals of an incident it became aware of on Jan. 29, 2024, involving some patients’ personal information. Read more… Source: MSN News
- Cloud Werewolf spearphishes Russian and Belarus government employees with fake spa vouchers and federal decrees
March 29, 2024
The BI.ZONE Threat Intelligence team has revealed another campaign by Cloud Werewolf aiming at Russian and Belarusian government organizations. According to the researchers, the group ran at least five attacks in February and March. The adversaries continue to rely on phishing emails with Microsoft Office attachments. Placing malicious content on a remote server and limiting the ...
- Phishing Attack Targets Apple Users With Password Resets
March 27, 2024
If you suddenly receive dozens of password-reset notifications on your iPhone, watch out: You’re probably facing a devious phishing attack targeting Apple users. The malicious tactic is intended to to trick iPhone users into handing over access to their Apple accounts, according to security journalist Brian Krebs. One of the targeted users, tech entrepreneur Parth Patel, documented ...
- Cambodia: Police target growing gambling, cybercrime
March 27, 2024
Deputy Prime Minister and Minister of Interior Sar Sokha has called on the National Police forces to intensify efforts in preventing and suppressing local crimes, including human trafficking, cybercrime and gambling. The appeal comes after authorities clamped down on over 500 illegal gambling sites and detained more than 1,000 people in the past six months. Sokha ...
- New Gmail & M365 Warning As 2FA Security Bypass Hack Confirmed
March 26, 2024
The developers of a notorious 2FA account security bypass tool have launched an updated version of their ‘as-a-service’ kit that is targeting Microsoft 365 and Gmail account holders. Researchers from the Sekoia Threat Detection and Research team have published an in-depth analysis of Tycoon 2FA, a notorious adversary-in-the-middle kit, that is being distributed via cybercrime forums ...
- Illinois Tollway warns I-PASS customers of text message phishing scam
March 26, 2024
The Illinois Tollway is warning customers of an ongoing phishing scam that is targeting drivers by saying that they have outstanding tolls owed to the agency. According to a press release, the Tollway says that some customers have been receiving text messages from the “Illinois toll way,” detailing outstanding toll amounts that the customers owed. Those ...