Australia BadCandy, Cisco firewall attack, Aardvark eats bugs

Australia Warns of BadCandy Cyber Exploit

The Australian Signals Directorate (ASD) has issued a warning about cyber attacks targeting unpatched Cisco IOS XE devices in Australia. These attacks leverage a previously unknown implant named BadCandy, exploiting a vulnerability with a CVSS score of 10.0 that allows unauthenticated attackers to create accounts with elevated privileges.

Details on BadCandy Implant

BadCandy is described as a low-profile, Lua-based web shell. It lacks persistence, meaning it cannot survive system reboots. However, if the device remains unpatched and accessible via the internet, attackers can reintroduce the malware to regain control.

Chinese Hackers Exploit Cisco ASA Firewalls

Security researchers from Palo Alto Networks’ Unit 42 report that a China-based hacking group, Storm-1849, is actively scanning and attacking Cisco Adaptive Security Appliances (ASA). These firewalls, widely used by governments in the U.S., Europe, and Asia, also provide intrusion prevention, spam filtering, antivirus functions, and more.

Storm-1849 is "scanning for and exploiting a popular line of Cisco firewalls used by governments in the U.S., Europe and Asia."

The attacks have targeted various U.S. financial institutions, defense contractors, and military organizations during October.

OpenAI's Aardvark AI Detects and Fixes Bugs

OpenAI’s Aardvark has been highlighted for its role in finding and fixing software bugs efficiently, aiding in cybersecurity efforts.

Summary

This recent wave of cyber threats exploits critical vulnerabilities in widely used Cisco devices, emphasizing the urgent need for timely patching and robust defense mechanisms.


CISO Series — 2025-11-03
