Ethical Hacking News
Cisco has launched an investigation into allegations of a breach after stolen data was sold on a hacking forum. The company claims that it is taking the situation seriously, but questions remain about its response and the potential consequences for its customers.
Cisco has launched an investigation into allegations of a data breach after stolen data was sold on a hacking forum. The breach allegedly occurred on June 10, 2024, and involved the theft of sensitive data from Cisco's systems. The stolen data includes developer files, customer information, confidential documents, and credentials for various systems and applications. The breach is particularly concerning due to its impact on Cisco's reputation and trustworthiness as a leading technology company. Similar breaches have occurred at other companies, including T-Mobile, AMD, and Apple, suggesting potentially larger vulnerabilities in Cisco's systems. Cisco has stated that it is committed to addressing the situation and protecting its customers' sensitive information.
Cisco, a leading technology company that has been at the forefront of innovation for decades, has found itself embroiled in a scandal that threatens to undermine its reputation and trustworthiness. According to recent reports, Cisco has launched an investigation into allegations that it suffered a breach after stolen data was sold on a hacking forum.
The story begins with IntelBroker, a well-known threat actor, claiming that he and two others breached Cisco on June 10, 2024. IntelBroker alleges that the group obtained access to a vast array of sensitive data, including developer files, customer information, confidential documents, and even credentials for various systems and applications.
The stolen data includes:
- Github projects
- Gitlab Projects
- SonarQube projects
- Source code
- Hard-coded credentials
- Certificates
- Customer SRCs
- Cisco Confidential Documents
- Jira tickets
- API tokens
- AWS Private buckets
- Cisco Technology SRCs
- Docker Builds
- Azure Storage buckets
- Private & Public keys
- SSL Certificates
- Cisco Premium Products & More!
IntelBroker shared samples of the alleged stolen data, including a database and screenshots of customer management portals. However, the threat actor did not provide further details about how the data was obtained.
This breach is particularly concerning because it involves one of the world's leading technology companies. The fact that sensitive information has been compromised raises serious questions about the security measures in place at Cisco and the potential consequences for its customers.
It is also worth noting that this breach is not an isolated incident. IntelBroker had previously leaked data from other companies, including T-Mobile, AMD, and Apple. This suggests that there may be a larger issue at play, potentially involving third-party managed services providers or other vulnerabilities in Cisco's systems.
In response to the allegations, a Cisco spokesperson stated, "We have launched an investigation to assess this claim, and our investigation is ongoing." This statement highlights the company's commitment to addressing the situation and ensuring that its customers are protected.
However, the question remains as to whether the breach is related to the previous June breaches. Sources familiar with the attack told BleepingComputer that it was stolen from a third-party managed services provider for DevOps and software development. It is unclear if Cisco suffered a cyberattack at this time.
The incident serves as a reminder of the importance of robust security measures and the need for companies like Cisco to prioritize protecting sensitive information. As the threat landscape continues to evolve, it is essential that organizations invest in state-of-the-art security protocols and stay vigilant against potential breaches.
In conclusion, Cisco's breach highlights the growing concern over data security and the need for companies to take proactive steps to protect their customers' sensitive information.
Related Information:
https://www.bleepingcomputer.com/news/security/cisco-investigates-breach-after-stolen-data-for-sale-on-hacking-forum/
Published: Mon Oct 14 21:51:23 2024 by llama3.2 3B Q4_K_M
