U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The Equation Group’s exploit ExtraBacon works on newer Cisco ASA

Security experts have improved the ExtraBacon exploit included in the NSA Equation Group arsenal to hack newer version of CISCO ASA appliance. The data dump leaked online by ShadowBrokers is a treasure for security experts and hackers that are analyzing every tool it contains. Cisco and Fortinet have confirmed their network appliance are vulnerable to the exploits […]

CISCO ASA

Security experts have improved the ExtraBacon exploit included in the NSA Equation Group arsenal to hack newer version of CISCO ASA appliance.

The data dump leaked online by ShadowBrokers is a treasure for security experts and hackers that are analyzing every tool it contains.

Cisco and Fortinet have confirmed their network appliance are vulnerable to the exploits listed in the leaked dump.

Recently security researchers tested the BENIGNCERTAIN tool included in the precious archive belonging to the NSA Equation Group that allows attackers to extract VPN passwords from certain Cisco devices.

Now the Hungary-based security consultancy SilentSignal has focused his analysis on another exploit that could be used against the newer models of Cisco’s Adaptive Security Appliance (ASA).

The security firm has demonstrated that the NSA-linked Cisco exploit dubbed ExtraBacon poses a bigger threat than previously thought.

Initially, the ExtraBacon exploit was restricted to versions 8.4.(4) and earlier of the CISCO ASA boxes and has now been expanded to 9.2.(4).

CISCO ASA Software 2

An attacker who has already gained a foothold in a targeted network could use the zero-day exploit to take full control of a firewall.

In an e-mail sent to ArsTechnica, SilentSignal researcher Balint Varga-Perke wrote:

“We first started to work on the exploit mainly to see how easy it would be to add support for other (newer) versions. Turns out it is very easy, that implies two things:

  • The leaked code is not as poor quality as some might suggest
  • The lack of exploit mitigation techniques in the target Cisco software makes the life of attackers very easy”

Experts from the IT vendor Juniper also confirmed that one of the exploits in the Equation Group archive could be used to hack the Juniper NetScreen firewalls, they also confirmed that are conduction further investigation on the exploit.

The tool codenamed FEEDTROUGH and ZESTYLEAK could be used by attackers to target Juniper Netscreen firewalls, the company is investigating their efficiency.

“As part of our analysis of these (Equation Group) files, we identified an attack against NetScreen devices running ScreenOS,” explained the company incident response director Derrick Scholl.

“We are examining the extent of the attack, but initial analysis indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices.”

“We will continue to evaluate exactly what level of access is necessary in order to execute the attack, whether it is possible to detect the attack, and if other devices are susceptible.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – CISCO ASA, ExtraBacon exploit)