The Australian Signals Directorate (ASD) has issued a warning about cyber attacks targeting unpatched Cisco IOS XE devices. These attacks involve a previously undisclosed implant called BadCandy, which exploits a CVE-tracked vulnerability carrying the maximum CVSS score of 10.0.
BadCandy allows unauthenticated attackers to create accounts with elevated privileges. It is characterized as a “low equity Lua-based web shell” without a persistence mechanism, meaning it does not survive a system reboot. However, a reboot alone is not a fix: if an affected device remains unpatched and reachable from the internet, attackers can simply reinfect it and regain access.
Experts at Palo Alto Networks’ Unit 42 report that the Chinese hacking group Storm-1849 has been actively scanning for and exploiting Cisco Adaptive Security Appliances (ASA), which serve as firewalls and also provide security functions such as intrusion prevention, spam filtering, and antivirus scanning.
The group targets Cisco ASA devices used widely by government agencies across the U.S., Europe, and Asia. Multiple U.S. financial institutions, defense contractors, and military organizations experienced attacks throughout October.
OpenAI’s Aardvark tool has been instrumental in identifying and addressing software bugs, contributing to increased security and stability in affected systems.
"BadCandy is described as a 'low equity Lua-based web shell.' It lacks a persistence mechanism which means it cannot survive across system reboots, but if a device remains unpatched and exposed to the internet, it's possible for the threat actor to re-introduce the malware and regain access to it."
"Hackers from China-based Storm-1849 are scanning for and exploiting a popular line of Cisco firewalls used by governments in the U.S., Europe and Asia."
Australia warns about the BadCandy exploit on Cisco devices, Chinese hackers continue targeting Cisco ASA firewalls globally, while OpenAI’s Aardvark aids in detecting and fixing vulnerabilities.