Featured Story
Over 10,000 Cisco Devices Hacked in IOS XE Zero-Day Attacks
A critical vulnerability (CVE-2023-20198) in Cisco IOS XE with Web UI enabled is being actively exploited. Threat actors are using it to take full control of routers and switches. VulnCheck detected thousands of infected internet-facing hosts. Cisco has provided guidance and detection tools.
- Disable Web UI and remove device management from the public internet.
- Monitor logs for suspicious admin account creation.
- Follow Cisco’s PSIRT guidance for mitigation and detection.
- Subscribe to Cisco advisories to stay updated on critical threats.
Our SOC team can assist in reviewing device configurations and checking for IOCs.
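The log-monitoring step listed above, as an added example that is not from the page or from Cisco: a small Python checker that flags privilege-15 account creation by users outside an approved list and Web UI logins from outside designated management networks. The syslog message formats, user names and addresses are constructed for illustration and only assumed to resemble real IOS XE output.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample syslog lines (assumed IOS XE-like format, not taken from the advisory).
SAMPLE_LOGS = """\
Oct 17 02:11:09 core-rtr1 1234: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.10.0.5)
Oct 17 03:41:22 core-rtr1 1235: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: webadmin_tmp] [Source: 198.51.100.23] at 03:41:22 UTC
Oct 17 03:41:30 core-rtr1 1236: %PARSER-5-CFGLOG_LOGGEDCMD: User:webadmin_tmp logged command:username svc_backup privilege 15 secret *
Oct 17 09:00:01 core-rtr1 1237: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops logged command:interface GigabitEthernet1
"""

# Account creation with full privileges, logged via config command logging.
USER_CREATE = re.compile(
    r"User:(?P<actor>\S+) logged command:username (?P<new>\S+) .*\bprivilege 15\b")
# Successful Web UI login with the source address it came from.
WEBLOGIN = re.compile(
    r"WEBLOGIN_SUCCESS: Login Success \[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]")


def find_suspicious(log_text, approved_admins, mgmt_nets):
    """Return (rule, actor, detail) tuples for lines that violate either rule."""
    nets = [ip_network(n) for n in mgmt_nets]
    findings = []
    for line in log_text.splitlines():
        m = WEBLOGIN.search(line)
        if m:
            src = m.group("src")
            try:
                inside = any(ip_address(src) in n for n in nets)
            except ValueError:  # unparsable source field is itself suspicious
                inside = False
            if not inside:
                findings.append(("webui-login-outside-mgmt", m.group("user"), src))
            continue
        m = USER_CREATE.search(line)
        if m and m.group("actor") not in approved_admins:
            findings.append(("priv15-account-created", m.group("actor"), m.group("new")))
    return findings


if __name__ == "__main__":
    for rule, actor, detail in find_suspicious(SAMPLE_LOGS, {"netops"}, ["10.10.0.0/16"]):
        print(f"ALERT {rule}: actor={actor} detail={detail}")
```

Feed the device's syslog export to `find_suspicious` with your real admin list and management prefixes; any hit is worth a configuration review.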
Other Stories
New Phishing Campaign Uses LinkedIn Smart Links in Blanket Attack
Cofense has identified a widespread phishing campaign using LinkedIn Smart Links. Over 800 messages were observed, targeting users in the finance, energy, and manufacturing sectors. Smart Links bypass many security filters, making them an effective tool for harvesting credentials.
- Train staff to recognize Smart Link phishing attempts.
- Enhance email gateway rules to flag suspicious URLs.
- Monitor LinkedIn business accounts for misuse or unauthorized access.
DarkGate Malware Spreads Through Skype and Teams Messages
A threat actor is using compromised Microsoft Teams and Skype accounts to deliver DarkGate malware. Messages appear to come from trusted contacts and contain malicious attachments. DarkGate enables keylogging, crypto mining, and full remote access.
- Implement file scanning on Teams and Skype traffic.
- Enforce MFA on all Microsoft 365 accounts.
- Restrict external messaging where possible.
We provide secure collaboration assessments and malware detection support.
Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years Later
Researcher Joshua Rogers disclosed 55 vulnerabilities in Squid over two years ago, but 35 remain unpatched. The flaws could lead to crashes or remote code execution. Over 2.5 million Squid instances are still exposed online.
- Evaluate whether Squid is essential in your environment.
- Monitor Squid updates and switch to supported alternatives if needed.
- Segment and isolate proxy servers from critical infrastructure.
Several Belgian Government Websites Disrupted by DDoS Attack
The websites of the Royal Palace, the Senate, and the Prime Minister’s office were impacted by a DDoS attack earlier this week. Services were restored the same day. The origin remains unknown, but the attack fits a trend of targeting pro-Ukraine nations.
- Maintain strong DDoS protection through upstream filtering or scrubbing services.
- Collaborate with public CERTs and private threat intel sources during major disruptions.
- Simulate DDoS readiness internally to test your crisis response.
Our SOC team can help assess and improve your DDoS defense posture.