"U.S. cybersecurity agency CISA says federal government departments are not sufficiently patching to protect against an active hacking campaign targeting Cisco firewalls. In an updated advisory published Wednesday, CISA said that it was currently "tracking active exploitation" of two security flaws in Cisco's Adaptive Security Appliance (ASA) software, which powers a range of enterprise grade firewalls used by corporate giants and government agencies to protect their networks from malicious outsiders."
"CISA said the flaws have been abused by an "advanced" but as-yet-unnamed threat actor since September, which prompted the agency to issue its third emergency directive of the year, ordering agencies to patch their affected systems. While some federal agencies told the agency that they had patched their systems, CISA said some agencies were "still vulnerable" to the threats as outlined in the agency's directive."
CISA is tracking active exploitation of two security flaws in Cisco's Adaptive Security Appliance (ASA) firewall software. An advanced, unnamed threat actor has abused the flaws since September. CISA issued its third emergency directive of the year ordering federal agencies to patch affected systems. Some agencies reported patching, while others remain vulnerable. CISA did not name which departments were compromised and urged all agencies with affected Cisco devices to update to the latest patch to avoid exploitation. The Congressional Budget Office confirmed a hack that exposed emails and chat logs and had an unpatched affected Cisco firewall prior to October 1.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]