
"In a security advisory, Cisco said it discovered a hacking campaign on December 10 targeting Cisco AsyncOS software, and in particular the physical and virtual appliances Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager. The advisory said affected devices have a feature called "Spam Quarantine" enabled and are reachable from the internet. Cisco noted that this feature is not enabled by default and does not need to be exposed to the internet, which may be good news."
"However, Kevin Beaumont, a security researcher who tracks hacking campaigns, told TechCrunch that this appears to be a particularly problematic hacking campaign since a lot of big organizations use the affected products, there are no patches available, and it's unclear how long the hackers had backdoors in the affected systems. At this point Cisco is not saying how many customers are affected."
Cisco discovered a hacking campaign on December 10 targeting Cisco AsyncOS and the physical and virtual appliances Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager. Affected devices have the Spam Quarantine feature enabled and are reachable from the internet. The Spam Quarantine feature is not enabled by default and does not need to be internet-exposed. A researcher noted that the requirement of an internet-facing management interface and certain features being enabled will limit the attack surface. Another researcher warned the campaign is problematic because many large organizations use the affected products, no patches are available, and the duration of possible backdoors is unclear. Cisco is investigating, developing a permanent remediation, and currently suggests wiping and rebuilding affected devices' software as a temporary mitigation.
Read at TechCrunch