www.scworld.com
2606:4700:20::681a:446  Public Scan

URL: https://www.scworld.com/news/cisco-confirms-breach-of-public-facing-devhub-site
Submission: On November 19 via manual from CA — Scanned from CA


Text Content

Network Security, DevOps, Breach


CISCO CONFIRMS BREACH OF PUBLIC-FACING DEVHUB SITE

October 21, 2024
By Steve Zurier

Cisco confirmed Oct. 18 that it experienced a breach on its public-facing DevHub
environment, but that no internal systems were compromised.

According to Cisco, only a small number of files that were not authorized for
public download may have been published.

DevHub is a resource center through which Cisco supports its customers by
making software code and scripts available as needed. As a precaution, Cisco
disabled public access to DevHub until it completes its investigation.

The recent Cisco breach was reportedly first announced on a cybercrime forum on
Oct. 14 by the hacker known as IntelBroker. On the crime site, IntelBroker
claimed to have obtained GitHub and SonarQube projects, as well as many other
sensitive assets, including source code, hardcoded credentials, certificates,
confidential documents, Jira tickets, API tokens, AWS private buckets, and
encryption keys. One of the recent victims — Deloitte — also said publicly that
the breach by IntelBroker did not involve sensitive data.

FUTURE ATTACKS POSSIBLE FROM CISCO BREACH

Security pros responded to Cisco’s claims that the breach was limited in scope
with cautious optimism.

“Even if the compromised environments were meant to be public-facing, exposing
sensitive information such as source code, credentials, and API tokens can have
significant security implications,” said Eric Schwake, director of cybersecurity
strategy at Salt Security. “It's crucial to remember that attackers often
exploit seemingly minor vulnerabilities to gain a foothold and potentially pivot
to more sensitive systems.”

Schwake said these intrusions run the risk of attackers using the exposed
information to launch additional attacks. Exposed source code can reveal
vulnerabilities that attackers can exploit in other systems, and hardcoded
credentials and API tokens can grant unauthorized access to sensitive resources
and data, said Schwake.

“Even seemingly harmless information, such as Jira tickets or internal
documents, can provide valuable intelligence to attackers, allowing them to
create more targeted and effective attacks,” Schwake explained.

While Cisco may not have had its core systems directly compromised, the data
obtained — including source code, API tokens, certificates, and credentials —
represents significant risks if leveraged for future attacks, said Jason Soroko,
senior fellow at Sectigo.

“Public-facing environments are often seen as less critical. But in reality,
they can expose sensitive information that serves as stepping stones to deeper
intrusions,” said Soroko.

Evan Dornbush, a former NSA cybersecurity expert, said there are two main issues
with these types of intrusions.

First, the narrative is an incomplete picture, said Dornbush: Cisco might not
have been breached internally, but the third-party service Cisco uses to host
its data still has Cisco data. Knowing where data resides, understanding who’s
responsible for securing it, and who’s accountable for post-breach disclosures
is complex, and not all organizations are set up to manage the rise of
third-party cloud technologies.

The second issue, said Dornbush, is that an attacker who obtains access to the
disclosed data, which includes proprietary code and access measures, can now use
that information to develop zero-day exploits and other methods to access or
manipulate customer-owned devices, efforts we won’t see immediately.

“Although its list is quantifiable and finite, if IntelBroker has what it
claimed: hardcoded credentials, encryption keys, and API tokens, then Cisco has
a decent amount of work ahead to prevent those assets from being used in
production,” said Dornbush. “Even though Cisco felt comfortable sharing
Cisco-proprietary source code and scripts with select customers, it may want to
do additional review of what was posted since source code access can be a gold
mine to competitors and security researchers alike.”




Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may
not be published, broadcast, rewritten or redistributed in any form without
prior authorization.
