Welcome to the Off-Shore Club

The #1 Social Engineering Project in the world since 2004 !

Important Notice:

✅UPGRADE YOUR ACCOUNT TODAY TO ACCESS ALL OFF-SHORE FORUMS✅

[New]Telegram Channel

In case our domain name changes, we advise you to subscribe to our new TG channel to always be aware of all events and updates -
https://t.me/rtmsechannel

OFF-SHORE Staff Announcement: 30% Bonus on ALL Wallet Deposit this week


For example, if you deposit $1000, your RTM Advertising Balance will be $1300 that can be used to purchase eligible products and service on forums or request withdrawal. The limit deposit to get the 30% bonus is $10,000 for a $3000 Marketplace wallet balance Bonus.

Deposit Now and claim 30% more balance ! - BTC/LTC/XMR


Always use a Mixer to keep Maximum anonimity ! - BTC to BTC or BTC to XMR

🗂️Keep in Mind Cisco warns of VPN zero-day exploited by ransomware gangs

⚠️Always Remember to keep your identity safe by using a Zero-KYC Zero-AML like https://coinshift.money⚠️

Gold

wub

Beginner Hacker
USDT(TRC-20)
$0.0
Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.

The medium severity zero-day vulnerability impacts the VPN feature of Cisco ASA and Cisco FTD, allowing unauthorized remote attackers to conduct brute force attacks against existing accounts.

By accessing those accounts, the attackers can establish a clientless SSL VPN session in the breached organization's network, which can have varying repercussions depending on the victim's network configuration.

Last month, BleepingComputer reported that the Akira ransomware gang was breaching corporate networks almost exclusively through Cisco VPN devices, with cybersecurity firm SentinelOne speculating that it may be through an unknown vulnerability.

A week later, Rapid7 reported that the Lockbit ransomware operation also exploited an undocumented security problem in Cisco VPN devices in addition to Akira. However, the exact nature of the problem remained unclear.

At the time, Cisco released an advisory warning that the breaches were conducted by brute forcing credentials on devices without MFA configured.

This week, Cisco confirmed the existence of a zero-day vulnerability that was used by these ransomware gangs and provided workarounds in an interim security bulletin.

However, security updates for the impacted products are not available yet.

Vulnerability details​

The CVE-2023-20269 flaw is located within the web services interface of the Cisco ASA and Cisco FTD devices, specifically the functions that deal with authentication, authorization, and accounting (AAA) functions.

The flaw is caused by improperly separating the AAA functions and other software features. This leads to scenarios where an attacker can send authentication requests to the web services interface to impact or compromise authorization components.

Since these requests have no limitation, the attacker can brute force credentials using countless username and password combinations without being rate-limited or blocked for abuse.

For the brute force attacks to work, the Cisco appliance must meet the following conditions:

  • At least one user is configured with a password in the LOCAL database or HTTPS management authentication points to a valid AAA server.
  • SSL VPN is enabled on at least one interface or IKEv2 VPN is enabled on at least one interface.
If the targeted device runs Cisco ASA Software Release 9.16 or earlier, the attacker can establish a clientless SSL VPN session without additional authorization upon successful authentication.

To establish this clientless SSL VPN session, the targeted device needs to meet these conditions:

  • The attacker has valid credentials for a user present either in the LOCAL database or in the AAA server used for HTTPS management authentication. These credentials could be obtained using brute force attack techniques.
  • The device is running Cisco ASA Software Release 9.16 or earlier.
  • SSL VPN is enabled on at least one interface.
  • The clientless SSL VPN protocol is allowed in the DfltGrpPolicy.

Mitigating the flaw​

Cisco will release a security update to address CVE-2023-20269, but until fixes are made available, system administrators are recommended to take the following actions:

  • Use DAP (Dynamic Access Policies) to stop VPN tunnels with DefaultADMINGroup or DefaultL2LGroup.
  • Deny access with Default Group Policy by adjusting vpn-simultaneous-logins for DfltGrpPolicy to zero, and ensuring that all VPN session profiles point to a custom policy.
  • Implement LOCAL user database restrictions by locking specific users to a single profile with the 'group-lock' option, and prevent VPN setups by setting 'vpn-simultaneous-logins' to zero.
Cisco also recommends securing Default Remote Access VPN profiles by pointing all non-default profiles to a sinkhole AAA server (dummy LDAP server) and enabling logging to catch potential attack incidents early.

Finally, it is crucial to note that multi-factor authentication (MFA) mitigates the risk, as even successfully brute-forcing account credentials wouldn't be enough to hijack MFA-secured accounts and use them to establish VPN connections.
 
Is it any good? Source? I can build some generators or undetected versions. Something to develop...
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Friendly Disclaimer We do not host or store any files on our website except thread messages, most likely your DMCA content is being hosted on a third-party website and you need to contact them. Representatives of this site ("service") are not responsible for any content created by users and for accounts. The materials presented express only the opinions of their authors.
🚨 Do not get Ripped Off ! ⚖️ Deal with approved sellers or use RTM Escrow on Telegram
Gold
Mitalk.lat official Off Shore Club Chat


Gold

Panel Title #1

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Panel Title #2

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
Top