Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices.
Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 (CVSS score: 10.0) as part of an exploit chain.
“The
Related Post
- September 20, 2024
Clever Social Engineering Attack Using Captchas
This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually
- September 20, 2024
Europol Shuts Down Major Phishing Scheme Targeting Mobile
Law enforcement authorities have announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen
- September 20, 2024
Passwordless AND Keyless: The Future of (Privileged) Access
In IT environments, some secrets are managed well and some fly under the radar. Here’s a quick checklist of what
- September 20, 2024
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber
An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now