The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal government departments regarding the urgent need to patch vulnerable Cisco firewalls. CISA has identified active exploitation of security flaws in Cisco’s Adaptive Security Appliance (ASA) software, commonly used by enterprises and government agencies for network protection.
CISA’s latest advisory highlights that threat actors have been exploiting these vulnerabilities since September. This prompted CISA to issue its third emergency directive of the year, instructing agencies to promptly patch affected systems to mitigate the risks posed by these exploits.
While some agencies have reported patching their systems, CISA noted that several entities remain susceptible to these threats as outlined in the directive. The agency did not specify the compromised government departments but emphasized the importance of all affected agencies updating their Cisco devices with the latest patches to prevent exploitation.
Recent incidents, such as the Congressional Budget Office hack, further underscore the severity of the situation. The CBO confirmed a breach that allowed unauthorized access to sensitive communications, with an unpatched Cisco firewall identified as a contributing factor.
This ongoing cybersecurity challenge highlights the critical need for proactive patch management and robust security measures across government agencies and enterprises to safeguard against evolving cyber threats.
Source: TechCrunch