- Регистрация
- 10.03.26
- Сообщения
- 34
- Реакции
- 31
A vulnerability patched earlier this month by Cisco in its firewalls has been exploited as a zero-day since at least late January, according to Amazon’s threat intelligence team.
The vulnerability is tracked as CVE-2026-20131 and it affects the Secure Firewall Management Center (FMC) software. The availability of Для просмотра ссылки Войдиили Зарегистрируйся was announced on March 4, when Cisco patched dozens of other vulnerabilities in its FMC, ASA, and Secure FTD products.
CVE-2026-20131 impacts the web-based management interface of FMC software and it can be exploited by a remote, unauthenticated attacker to execute arbitrary Java code with root privileges.
Cisco noted at the time of disclosure that not exposing the FMC management interface to the internet reduces the vulnerability’s attack surface.
Cisco updated its Для просмотра ссылки Войдиили Зарегистрируйся on Wednesday to inform customers about in-the-wild exploitation.
The Amazon researchers came across a misconfigured infrastructure server used by the Interlock group, which enabled them to collect information on the threat actor’s attack chain, custom RATs, reconnaissance scripts, and evasion techniques.
“Interlock has historically targeted specific sectors where operational disruption creates maximum pressure for payment,” Amazon noted. “Education represents the largest share of their activity, followed by engineering, architecture, and construction firms, manufacturing and industrial organizations, healthcare providers, and government and public sector entities.”
An analysis of timestamps from threat activity, server artifacts, and embedded metadata indicates that the threat actor most likely operates in the UTC+3 time zone. The observed pattern shows initial daily activity around 08:30, peak operations between 12:00 and 18:00, and a consistent low-activity window from approximately 00:30 to 08:30.
While Amazon has not named the country from where the cybercriminals appear to be operating, this temporal analysis suggests the hackers are likely based in Russia, with secondary possibilities in Belarus or select Middle Eastern countries.
Amazon has shared Для просмотра ссылки Войдиили Зарегистрируйся to help defenders detect and block Interlock ransomware attacks.
Копипаста. Знаю что многие редко смотрят новости, а то и вовсе не смотрят, поэтому буду иногда выкладывать подобные посты.
Для просмотра ссылки Войдиили ЗарегистрируйсяДля просмотра ссылки Войди или Зарегистрируйся
The vulnerability is tracked as CVE-2026-20131 and it affects the Secure Firewall Management Center (FMC) software. The availability of Для просмотра ссылки Войди
CVE-2026-20131 impacts the web-based management interface of FMC software and it can be exploited by a remote, unauthenticated attacker to execute arbitrary Java code with root privileges.
Cisco noted at the time of disclosure that not exposing the FMC management interface to the internet reduces the vulnerability’s attack surface.
Cisco updated its Для просмотра ссылки Войди
The Amazon researchers came across a misconfigured infrastructure server used by the Interlock group, which enabled them to collect information on the threat actor’s attack chain, custom RATs, reconnaissance scripts, and evasion techniques.
“Interlock has historically targeted specific sectors where operational disruption creates maximum pressure for payment,” Amazon noted. “Education represents the largest share of their activity, followed by engineering, architecture, and construction firms, manufacturing and industrial organizations, healthcare providers, and government and public sector entities.”
An analysis of timestamps from threat activity, server artifacts, and embedded metadata indicates that the threat actor most likely operates in the UTC+3 time zone. The observed pattern shows initial daily activity around 08:30, peak operations between 12:00 and 18:00, and a consistent low-activity window from approximately 00:30 to 08:30.
While Amazon has not named the country from where the cybercriminals appear to be operating, this temporal analysis suggests the hackers are likely based in Russia, with secondary possibilities in Belarus or select Middle Eastern countries.
Amazon has shared Для просмотра ссылки Войди
Копипаста. Знаю что многие редко смотрят новости, а то и вовсе не смотрят, поэтому буду иногда выкладывать подобные посты.
Для просмотра ссылки Войди
