Tuesday, December 10, 2024

A Decade-Old Cisco ASA WebVPN Vulnerability

If your systems are still susceptible to a decade-old vulnerability, it's clear that your vulnerability management or your patch management is not functioning effectively, or perhaps both.

This is not a hypothetical situation, but a real-world occurrence. Actually, it's no surprise, as many organizations still lack a proper vulnerability management system. The worst part is that some of them are unaware of the risks involved in not having one.


https://bit.ly/3Vxf5vr


"Cisco on Monday (2 Dec 2024) updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).


The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance."


"The development comes shortly after cybersecurity firm CloudSEK revealed that the threat actors behind AndroxGh0st are leveraging an extensive list of security vulnerabilities in various internet-facing applications, including CVE-2014-2120, to propagate the malware."

Sunday, December 1, 2024

Cyber Attacks on UK Drinking Water Supplies

Cybersecurity is paramount for all sectors, especially those critical to our infrastructure. The consequences can be catastrophic if critical infrastructures are compromised by cyberattacks. Imagine the chaos that would ensue if you were without water for even three days.


A record number of cyber incidents impacted Britain’s critical drinking water supplies in 2024 without being publicly disclosed.


https://bit.ly/4fRV0s2


"Across all regulated critical national infrastructure sectors, more NIS incidents have been reported this year than ever before, with the transport and drinking water sectors the most impacted. In 2024, there were at least six incidents affecting drinking water infrastructure, according to data collected by Recorded Future News using the Freedom of Information (FOI) Act. In previous years there were no more than two."