Cisco User Data Stolen in Vishing Attack www.darkreading.com/cyberatta…

Cisco disclosed this week that it suffered a data breach last month, resulting in the compromise of some user data.

The networking giant revealed the incident via an event disclosure page published to its website. According to the posting, an unidentified bad actor on July 24 targeted a Cisco representative in a voice phishing (vishing) attack that enabled the attacker “to access and export a subset of basic profile information from one instance of a third-party, cloud-based customer relationship management (CRM) system that Cisco uses.”

In a vishing attack, a threat actor uses their voice (or a synthetic one generated with something like a large language model) to trick a target into giving up personal information. Depending on the circumstance, this could include a voicemail from a fake CEO asking for a gift card, a call from someone posing as IT personnel asking for VPN credentials or remote access, or some other individual — whoever the attacker needs to be to exploit the target’s trust.