U.S. cybersecurity agency CISA says federal government departments are not sufficiently patching to protect against an active hacking campaign targeting Cisco firewalls.
In an updated advisory published Wednesday, CISA said that it was currently “tracking active exploitation” of two security flaws in Cisco’s Adaptive Security Appliance (ASA) software, which powers a range of enterprise grade firewalls used by corporate giants and government agencies to protect their networks from malicious outsiders.
CISA said the flaws have been abused by an “advanced” but as-yet-unnamed threat actor since September, which prompted the agency to issue its third emergency directive of the year, ordering agencies to patch their affected systems.
While some federal agencies told the agency that they had patched their systems, CISA said some agencies were “still vulnerable” to the threats as outlined in the agency’s directive.
The agency did not say which government departments had been compromised, but urged all agencies with affected Cisco devices to update to the latest patch version to avoid exploitation.
Last week, the Congressional Budget Office confirmed it had been hacked, allowing suspected foreign hackers to steal the agency’s emails and chat logs between lawmakers’ offices and the agency’s researchers.
Could the GTA 6 Delay Also Delay Next-Gen Consoles?