
US agencies urged to patch Cisco firewalls amid active attacks

Summary

– CISA warns that federal agencies are not adequately patching Cisco firewalls against an active hacking campaign exploiting two security flaws.
– The agency issued an emergency directive ordering government departments to update their systems due to ongoing exploitation by an advanced threat actor since September.
– Some federal agencies remain vulnerable despite the directive, though CISA did not specify which departments have been compromised.
– The Congressional Budget Office confirmed a hack that stole emails and chat logs, with evidence linking it to an unpatched Cisco firewall.
– Security researcher Kevin Beaumont identified that the CBO’s affected Cisco device was unpatched before the October 1 government shutdown and was taken offline after the breach.

U.S. federal agencies are being directed to immediately patch vulnerable Cisco firewalls following warnings from the Cybersecurity and Infrastructure Security Agency (CISA). The agency reports that a sophisticated threat actor is actively exploiting security weaknesses in Cisco’s Adaptive Security Appliance (ASA) software, which is widely deployed across government and corporate networks. Despite earlier alerts, CISA indicates that numerous federal systems remain exposed to potential compromise.

CISA issued its third emergency directive this year after confirming that exploitation of two specific flaws has been ongoing since at least September. The directive mandates that all agencies using affected Cisco devices apply the latest security updates without delay. While some departments have reportedly complied, CISA emphasized that a significant number have not, leaving critical infrastructure and sensitive data at risk.

Although CISA has not publicly identified which government entities have already been breached, the urgency of the situation is clear. In a related incident, the Congressional Budget Office (CBO) recently confirmed a security breach in which foreign attackers accessed internal emails and chat logs exchanged with lawmakers’ offices. Security investigator Kevin Beaumont identified that the CBO was operating an unpatched Cisco firewall at the time of the intrusion, which occurred just before the federal government shutdown on October 1. The affected device was taken offline shortly before the breach was publicly disclosed.

This ongoing campaign highlights the persistent danger posed by unaddressed software vulnerabilities, especially in essential network security products like firewalls. Federal organizations are being urged to treat patching as an immediate priority to prevent further unauthorized access and data theft.

(Source: TechCrunch)
