Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The US cybersecurity agency CISA says federal government departments are not patching adequately to protect against an active hacking campaign targeting Cisco’s firewalls.
in The updated advisory was published on WednesdayCISA said it is currently “actively tracking exploitation” of two vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) software, which powers a suite of enterprise-level firewalls used by giant corporations and government agencies to protect their networks from malicious outsiders.
CISA said the flaws had been abused before An “advanced” threat actor but not yet named since September, prompting the agency to issue its third emergency directive of the year, ordering agencies to patch their affected systems.
While some federal agencies told the agency they had repaired their systems, CISA said some agencies “remain vulnerable” to threats as described in the agency’s guidance.
The agency did not say which government departments were compromised, but urged all agencies with affected Cisco devices to update to the latest patch to avoid exploitation.
Last week, the Congressional Budget Office It was confirmed that it had been hackedThis allows suspected foreign hackers to steal the agency’s emails and chat logs between the offices of lawmakers and the agency’s researchers.
The Congressional Budget Office, which provides economic analysis and information to lawmakers, did not say how the hackers gained entry, however Security researcher Kevin Beaumont It found that the CBO had an affected Cisco firewall that was not patched before the US government shutdown on October 1. The CBO pulled the affected Cisco router offline shortly before the breach was disclosed.