Cisco recently announced that a hacker gained access to certain non-public files during a security incident revealed in October.
Cisco, the tech giant, has consistently refuted claims of a breach but disclosed on October 18 that its investigation revealed a threat actor accessed and downloaded data from its public-facing DevHub environment. This platform, which hosts software code, scripts, and other resources for customers, was found to contain a small number of files that were unintentionally made available for download.
On Thursday, Cisco updated its statement and said “a limited set of CX Professional Services customers had files included and we notified them directly.”
“In the event that we identify further customer files, we will notify the relevant customers. Customers with outstanding questions can follow up with their account teams,” the company said.
These statements come after a well-known hacker, on October 14, posted large amounts of allegedly stolen technical documents and production source code from numerous Fortune 500 companies on a cybercrime forum.
Over the weekend, the hacker claimed on social media platform X that Cisco had offered $200,000 for the post’s removal, an offer they reportedly refused. When asked about this claim, a Cisco spokesperson referred Recorded Future News to statements previously released in October, including the latest issued last Thursday.
Following the incident, the company blocked public access to the site where the documents were accessed and subsequently compiled a list of files that it suspects the threat actor downloaded during the period the repositories were publicly accessible.
“The vast majority of the information on our DevHub site is software artifacts (e.g., software code, templates, and scripts) that we intentionally make publicly available,” the company said.
“We have, however, identified files that were not intended for public download that were inadvertently published on the site as a result of a configuration error. These files were not discoverable or indexed by search engines, such as Google.”
The October 31 statement confirms that the configuration error has been fixed, and the company is continuing to assess the contents of the files that were accessed.