Cisco says Chinese hackers are exploiting its customers with a new zero-day
Cisco has found that hackers are exploiting a critical vulnerability in some of its products to take full control of the affected devices; the products include Cisco Secure Email Gateway and others. The vulnerability involves the "Spam Quarantine" feature, which is not enabled by default and does not need to be exposed to the internet. No patch is currently available, and Cisco recommends that affected devices be reset and their software rebuilt. The attack campaign has been ongoing since late November 2025 and is linked to a Chinese cybercrime group.

2025-12-17 19:16:46 Author: techcrunch.com

On Wednesday, Cisco announced hackers are exploiting a critical vulnerability in some of its most popular products that allows the full takeover of affected devices. Worse, there are no patches available at this time.

In a security advisory, Cisco said it discovered a hacking campaign on December 10 targeting Cisco AsyncOS software, and in particular the physical and virtual appliances Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The advisory said affected devices have a feature called “Spam Quarantine” enabled and are reachable from the internet.

Cisco noted that this feature is not enabled by default and does not need to be exposed to the internet, which may be good news. Michael Taggart, a senior cybersecurity researcher at UCLA Health Sciences, told TechCrunch that “the requirement of an internet-facing management interface and certain features being enabled will limit the attack surface for this vulnerability.”

However, Kevin Beaumont, a security researcher who tracks hacking campaigns, told TechCrunch that this appears to be a particularly problematic hacking campaign since a lot of big organizations use the affected products, there are no patches available, and it’s unclear how long the hackers had backdoors in the affected systems.

At this point Cisco is not saying how many customers are affected.

When reached by TechCrunch, Cisco spokesperson Meredith Corley did not answer a series of questions, and instead said that the company “is actively investigating the issue and developing a permanent remediation.”


The solution Cisco is suggesting to customers right now is essentially to wipe and rebuild the affected products’ software, as there is no patch available.

“In case of confirmed compromise, rebuilding the appliances is, currently, the only viable option to eradicate the threat actors’ persistence mechanism from the appliance,” the company wrote.

The hackers behind the campaign are linked to China and to other known Chinese government hacking groups, according to Cisco Talos, the company’s threat intelligence research team, which published a blog post about the hacking campaign.

The researchers wrote that the hackers are taking advantage of the vulnerability, which at this point is a zero-day, to install persistent backdoors, and that the campaign has been ongoing “since at least late November 2025.”

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.



Source: https://techcrunch.com/2025/12/17/cisco-says-chinese-hackers-are-exploiting-its-customers-with-a-new-zero-day/