Support ThreatWire → https://www.patreon.com/threatwire

Cisco's recent zero-day exploit takes an obfuscation turn, VMware alerts users of a significant auth bypass flaw, and Citrix grapples with session hijacking attacks that have CISA raising an eyebrow.

[!!] ThreatWire Patreon has moved to https://www.patreon.com/threatwire - thanks for your support!

LINKS
Cisco
https://thehackernews.com/2023/10/backdoor-implant-on-hacked-cisco.html
https://twitter.com/VulnCheckAI/status/1716541908489543725
https://twitter.com/onyphe/status/1715633541264900217
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html
https://www.cisa.gov/news-events/alerts/2023/10/23/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities

VMWare
https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
https://github.com/horizon3ai/CVE-2023-34051

Citrix
https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html
https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966
https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967
https://www.cisa.gov/news-events/alerts/2023/10/19/cisa-adds-two-known-exploited-vulnerabilities-catalog


____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.