www.darkreading.com
2606:4700::6811:7563
Public Scan
URL:
https://www.darkreading.com/remote-workforce/cisco-warns-anyconnect-vpns-active-cyberattack
Submission: On October 27 via manual from RS — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
CISCO WARNS ANYCONNECT VPNS UNDER ACTIVE CYBERATTACK

Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.

Tara Seals, Managing Editor, News, Dark Reading
October 26, 2022

A pair of known security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows is being actively exploited in the wild, despite being patched for two-plus years.

The networking giant is warning that cybercrime groups are pressing two local privilege escalation (LPE) bugs into service, with active exploit chains against the VPN platform being observed starting this month.

The first flaw (CVE-2020-3153, with a CVSS score of 6.5) would allow a logged-in user to send a specially crafted IPC message to the AnyConnect process to perform DLL hijacking and execute arbitrary code on the affected machine with SYSTEM privileges.

The second issue (CVE-2020-3433, with a CVSS score of 7.8) could allow a logged-in user to copy arbitrary files to system-level directories with SYSTEM privileges.

"In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," Cisco noted in the updated advisories.

The situation showcases the danger that older vulnerabilities continue to pose to companies and individuals. LPE patches are often de-prioritized in the glut of updates that businesses are faced with every month, but exploit chains often combine a remote code execution (RCE) bug for initial access with an LPE exploit for burrowing deeper into corporate networks and uncovering sensitive information.

The US Cybersecurity and Infrastructure Security Agency (CISA) also this week added the bugs to its Known Exploited Vulnerabilities (KEV) catalog, along with four even older bugs in Cisco's Gigabyte gaming and graphics drivers (CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, CVE-2018-19323). Sophos flagged exploitation of the latter earlier in the month by the BlackByte ransomware gang.