CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Another top US mortgage firm reveals a major data breach, over a million customers affected

    December 28, 2023

    LoanCare suffered a data breach last month, which resulted in the theft of sensitive customer data, the insurance service company has confirmed. Roughly 1.3 million people were affected by the breach, the company further explained, as hackers stole people’s full names, physical addresses, Social Security Numbers (SSN), and loan numbers. Read more… Source: MSN News  

  • Financially motivated threat actors misusing App Installer

    December 28, 2023

    Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware. In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks. In response to ...

  • Yakult Australia targeted in cyber attack, employee files published on dark web

    December 28, 2023

    Iconic probiotic company Yakult Australia has been hit by a significant cyber attack that has seen its company records and sensitive employee documents, such as passports, published on the dark web. Yakult Australia confirmed its Australian and New Zealand IT systems were impacted by a “cyber incident”. Read more… Source: MSN News  

  • A cyberattack targets Albanian Parliament, cellphone provider and air flight company

    December 27, 2023

    Albania’s Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. A statement said Monday’s cyberattack had not “touched the data of the system,” adding that experts were working to discover what consequences the attack could have. It said ...

  • Henry Schein Sales Hurt by Cyber Attack, Macro Woes

    December 27, 2023

    Henry Schein (HSIC) is currently entangled in a major cyber-attack incident. Headwinds like unfavorable currency movement and global economic uncertainties continue to affect the company. The stock carries a Zacks Rank #4 (Sell). In October 2023, Henry Schein stated that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein took precautionary ...

  • Israel’s Cyber Directorate warns of phishing attack by Iran-based hacking squad

    December 26, 2023

    Israel’s National Cyber Directorate issued a statement Tuesday warning of a phishing attack by Iranian hackers. Posing as American network security conglomerate F5, Iranian hackers sent an email to IT officials in multiple Israeli companies with instructions to download what seems like an update, but is actually malware, said the directorate. Working with an unnamed commercial ...