The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that federal departments are not patching quickly enough to defend against an active hacking campaign exploiting two vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) software. The flaws affect enterprise firewalls widely used by corporations and government agencies, and CISA said it is currently “tracking active exploitation” by an “advanced” threat actor that has been leveraging the issues since September.
CISA issued its third emergency directive of the year ordering agencies to apply patches, but the agency said that while some departments reported updating their systems, others remain “still vulnerable.” CISA did not identify which departments may have been compromised but urged any agency with affected Cisco devices to install the latest patch versions to prevent further exploitation.
The warning comes one week after the Congressional Budget Office (CBO) confirmed it had been hacked. The breach allowed suspected foreign attackers to access CBO emails and chat logs exchanged between lawmakers’ offices and the agency’s analysts. The CBO did not comment on the entry point used by the hackers. However, security researcher Kevin Beaumont found that the CBO had an unpatched Cisco firewall vulnerable to the flaws prior to the U.S. government shutdown on October 1. The agency took the affected router offline shortly before disclosing the intrusion.
CISA’s advisory underscores the urgency of updating Cisco ASA devices across federal networks, given that the vulnerabilities are being actively used in targeted attacks.
Featured image credits: Freepik
For more stories like it, click the +Follow button at the top of this page to follow us.