Malware implant authors can see you delete their evil code
Briefly

"The ASD's advisory says unknown actors go looking for Cisco devices susceptible to CVE-2023-20198, a 2018 bug rated 10.0 on the CVSS scale that allows attackers to exploit the web UI feature in Cisco's IOS XE software and take control of a system. The flaw is a favorite of the notorious Salt Typhoon gang. Rebooting an infected device removes BADCANDY, the ASD says,"
"Peter Williams, an Australian citizen working in Washington, D.C. as the general manager of defense contractor L3Harris' cyber subsidiary Trenchant, last week admitted to two counts of theft of trade secrets after being arrested and accused a week earlier. According to the Justice Department, Williams sold national-security-focused software to an unnamed Russian cyber tools broker that included at least eight "sensitive and protected cyber-exploit components" that were meant exclusively for sale to the US government and a few select allies."
Attackers are exploiting CVE-2023-20198 in the Cisco IOS XE web UI to install an implant called BADCANDY on unpatched devices. Rebooting removes the implant, but the actors can detect that removal and re-exploit the device; a reboot also does not undo any other malicious actions or fix the underlying vulnerability. The advisory identifies the flaw as a favorite of the Salt Typhoon group and urges patching to prevent re-exploitation. Separately, a former defense contractor executive pleaded guilty to stealing and selling sensitive cyber-exploit software and components, intended for U.S. government use, to a Russian cyber tools broker.
Read at Theregister