A PC-Hacking Case Under Investigation by Scotland Yard Closed

HELP NET SECURITY reported on 9th October, 2015, quoting a warning by researchers of security firm, Volexity`, as "a Cisco product is being targeted by attackers and looking for a permanent means into the computer networks and systems of various organizations".

The security firm says that it has identified attacks against many organisations through the Cisco Clientless SSL VPN (WebVPN) that is a product that allows patrons of Cisco Adaptive Security Appliance (ASA) to securely gain entry into the business network through a web-based portal. Internauts can be permitted to access in-house files and web resources employing the VPN solution, and hence it is important to make sure that it is suitably protected against the attacks by hackers.

Attackers are exploiting the CVE-2014-3393 vulnerability to load these JavaScript snippets, and then they were amending the login page to enable them to record whatever users typed on the login fields.

As researchers of Volexity explain, the JavaScript snippet filled to carry out the XSS and record the credentials of the login was not even that much complicated which is being taken from a free scripts-sharing website on the Internet. It was difficult to detect due to the fact that JS file was covered via an encrypted connection being loaded via HTTPS.

The first observed method via HTTPS method was XSS. The first method was more complex but researchers of Volexity also say that if cybercriminals had hijacked the corporate network, they could have also been capable to install the backdoor via the WebVPN administrative interface which is possible but it is far more incredible scenario.

Cisco finally released a security notification to caution customers and give them the information required to detect cyebrattacks and eliminate the malicious code.

Securityweek.com published news on 8th October, 2015, quoting Stefano De Crescenzo, Incident Manager of Product Security Incident Response Team (PSIRT) of Cisco, as saying "An exploit could permit an unauthorized and unauthenticated attacker to alter the material of the Clientless SSL VPN portal, and comprise arbitrary code that could be employed for many type of Internet-based attack that include and not restricted to XSS, serving malware, stealing of credential, etc.".

» SPAMfighter News - 10/19/2015