AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
Stay secure with our latest firewall updates, trends, and expert insights in information security to protect your digital assets effectively.
Search across headline titles and summaries.
Background for this topic.
Firewalls are security controls that permit or block network connections according to policy. They can operate at network boundaries, between internal segments, on individual hosts, or in cloud environments. Basic rules use addresses, ports, protocols, and connection state; more advanced firewalls may inspect applications or encrypted traffic where configured. Their purpose is to limit which systems can communicate, not to determine that all permitted traffic is safe.
Security depends heavily on accurate policy and maintenance. Overly broad, obsolete, or conflicting rules can expose services or allow unnecessary lateral movement, while unmanaged administrative interfaces and unpatched firewall software create additional attack surfaces. Practitioners should restrict management access, apply least-privilege rules, review and remove exceptions, and monitor logs for unexpected connections and policy changes. Firewall logs can support investigation, but encryption, evasion, and traffic allowed by policy may limit what the control can detect.
Weekly headline count for the current query.
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances
A data breach at Marquis Software Solutions due to a firewall flaw has affected over 780,000 people across the US
SonicWall said that a threat actor has accessed files containing encrypted credentials and configuration data for all customers who have used its cloud backup service
An attack campaign has been identified which exploits vulnerabilities in Cisco Adaptive Security Appliance software
SonicWall said that threat actors accessed firewall preference files stored in the cloud for around 5% of its firewall install base
Cisco has issued a software update to address the vulnerability, which can allow an unauthenticated, remote attacker to inject arbitrary shell commands
Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances
Vulnerabilities in firewalls from Palo Alto Networks and SonicWall are currently under active exploitation
The leak likely comes from a zero-day exploit affecting Fortinet’s products
The security provider published mitigation measures to prevent exploitation
The US government has sanctioned Sichuan Silence and one of its employees for the mass compromise of firewalls which led to the deployment of malware and ransomware
Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data
Palo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild
The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation
According to Enea, these campaigns use cloud storage platforms to host malicious websites, sending links via SMS to bypass firewalls
Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls
Bishop Fox said they have successfully developed an exploit for the vulnerability
The request called for consultant services to address the cyber-threat of doxxing