- Cyber Safety
- Posts
- Cisco Alerts: Backdoor Admin Account Used in Ongoing Cyber Attacks!
Cisco Alerts: Backdoor Admin Account Used in Ongoing Cyber Attacks!
Legacy Stripe APIs have become a prime target for cybercriminals, enabling sophisticated credit card skimmer attacks that exploit outdated payment systems. These older APIs lack the advanced security features of Stripe’s modern PaymentMethods API, making them vulnerable to manipulation.
• Outdated Interfaces: Many e-commerce platforms still use deprecated endpoints like api.stripe.com/v1/sources
, leaving them exposed.
• Malicious Overlays: Attackers inject JavaScript to create fake checkout pages, tricking users into entering sensitive payment info.
• High Impact: Victims face data breaches, fraudulent transactions, reputational damage, and potential legal consequences.
• Widespread Use: Platforms like WooCommerce, WordPress, and PrestaShop remain at risk if unpatched.
To mitigate these threats, businesses must migrate to updated Stripe APIs, perform regular security audits, implement real-time monitoring, and educate their development teams. With payment fraud tactics evolving fast, staying on legacy systems is a costly gamble. Proactive upgrades are critical to protecting both customer trust and operational integrity.

Greek entrepreneurs Eleftherios Karabatsakis and Peter Benos have taken a bold step into the burgeoning world of electric vehicle (EV) security with their new venture, PlugSecure.
This innovative company is dedicated to safeguarding EV charging networks from rising cyber threats—a concern they recognized back in 2021. Joining them is cybersecurity expert George Anagnostopoulos, who is returning to Greece to contribute to this initiative.
Highlights:
• Founders: Karabatsakis and Benos, successful in e-mobility services previously.
• Mission: Focus on protection against cyberattacks on EV charging networks.
• Collaboration: George Anagnostopoulos joins as a cybersecurity expert, enhancing the team’s expertise.
• Vision: Turning the brain drain into a brain gain by bringing talent back to Greece.
With PlugSecure, they’re not just aiming to enhance security; they’re also promoting sustainability in the fast-evolving e-mobility landscape.

The UK's Cyber Security and Resilience Bill, set to enter Parliament soon, aims to bolster the country’s cyber defenses amid increasing threats. Here are the key highlights:
• Expanded Scope: 1,000 IT suppliers will be categorized as critical national infrastructure, requiring compliance with stricter cybersecurity regulations.
• Heavy Penalties: Non-compliance could lead to fines up to £100,000 daily.
• Proactive Regulation: Enhancements to the Information Commissioner’s powers will promote a shift from reactive to preventative cyber risk management.
• Agile Response: The Secretary of State will gain authority to update regulations swiftly in response to evolving technological threats.
Industry leaders welcome the bill, viewing it as essential for improved resilience against cyber attacks, especially following notable breaches that have impacted public services.
While fostering a unified cybersecurity framework is under discussion, the bill marks a significant step forward in safeguarding national interests against cyber threats.

Adaptive Security has just secured an impressive $43 million in funding from Andreessen Horowitz (a16z) and the OpenAI Startup Fund to tackle the rising threat of AI-powered cyberattacks, including deepfakes, vishing, and smishing. This investment marks OpenAI's inaugural foray into the cybersecurity arena!
Here are some highlights from the article:
• Deepfake Threats: Deepfakes are becoming alarmingly sophisticated, with attacks happening every five minutes in the U.S.
• AI-Powered Solutions: Adaptive’s platform features AI simulations and training programs to help companies prepare against these evolving threats.
• Proactive Defense: The funds will enhance Adaptive’s solutions, equipping organizations to defend against social engineering attacks effectively.
Brian Long, CEO of Adaptive Security, emphasizes the urgency of rising AI threats, and with this new funding, the company aims to outpace cybercriminals by providing cutting-edge training and risk mitigation tools. Adaptive Security is poised to revolutionize cybersecurity in the AI era!

Cisco is sounding the alarm over a serious vulnerability in its Smart Licensing Utility (CSLU), which exposes a backdoor admin account used in attacks. Here's what you need to know:
• Vulnerability: Identified as CVE-2024-20439, this security flaw allows unauthenticated attackers to access systems remotely with admin privileges.
• Risk: The vulnerability impacts only those running older versions of the CSLU that are actively in use.
• Exploitation: Cisco's security team reported attempted exploitations, urging admins to patch their systems immediately.
• Chained Attacks: Threat actors are exploiting this backdoor in combination with another flaw (CVE-2024-20440) that reveals sensitive data.
In response, the Cybersecurity and Infrastructure Security Agency (CISA) has added the backdoor to its Known Exploited Vulnerabilities Catalog, mandating U.S. federal agencies to secure their systems by April 21. Don't wait—update your Cisco software now to keep your environments safe!