The Australian Signals Directorate (ASD) issued a bulletin regarding significant cyber threats aimed at unpatched Cisco IOS XE devices in Australia. These attacks are conducted using a malicious implant named BADCANDY, which has not been previously documented.
Central to these attacks is the exploitation of a critical vulnerability, CVE-2023-20198, which carries a CVSS score of 10.0. This vulnerability permits a remote and unauthenticated attacker to generate potentially harmful actions on targeted systems, underscoring serious risks for organizations that have yet to apply necessary patches. The ongoing nature of these attacks emphasizes the importance of vigilance and immediate action for cybersecurity professionals managing Cisco infrastructure.
👉 Pročitaj original: The Hacker News
