Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco released a tool to scan for SYNful_Knock implants

Talos has developed a Python script for customers to scan their own network to identify routers that may have been compromised by the SYNful_Knock hack. A couple of weeks ago I published the news of the SYNful_knock security issue involving CISCO routers. CISCO issued an alert to warn enterprise customers about a spike in attacks in which hackers use […]

Cisco released a tool to scan for SYNful_Knock implants

Talos has developed a Python script for customers to scan their own network to identify routers that may have been compromised by the SYNful_Knock hack.

A couple of weeks ago I published the news of the SYNful_knock security issue involving CISCO routers.

CISCO issued an alert to warn enterprise customers about a spike in attacks in which hackers use valid admin credentials on IOS devices to install bogus ROMMON images, which is the bootstrap program that initializes the CISCO hardware and boot the software. A few days ago, security experts at Mandiant confirmed to have detected such “implants” in the wild, the researchers found the malicious ROMMON images dubbed “SYNful_Knock,” on 14 Cisco routers located in Ukraine, Philippines, India and Mexico. The Cisco models 1841, 2811, 3825 are affected, it is important to highlight that they are no longer being on the market.

SYNful_Knock Details malicious ROMMON 2

Now Cisco has decided to provide a free tool, dubbed SYNful_knock scanner, to allow administrators to test it their routers was running a bogus firmware implanted through the “SYNful_knock” hack.

To administrators need Python 2.7 and the scapy 2.3.1 packet manipulation library in order to launch the tool.

The Cisco Talos security group analyzed the malicious implants that infected a number of its customers and developed a tool to scan a network searching for compromised routers.

“Talos has now developed a tool for customers to scan their own network to identify routers that may have been compromised by this specific malware.” explained William McVey of the Talos Group.  

The tool developed by Cisco is able to detect only the currently known version of the malicious implants.

“This tool can only detect hosts responding to the malware ‘knock’ as it is known at a particular point in time … it cannot establish that a network does not have malware that might have evolved to use a different set of signatures.”

To run the tool, you’ll need Python 2.7 and the scapy 2.3.1 packet manipulation library.

Pierluigi Paganini

(Security Affairs – CISCO, SYNful_knock)