CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US government agencies hit in global cyberattack
June 15, 2023
“Several” US federal government agencies have been hit in a global cyberattack that exploits a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on ...
- Mystic Stealer: The new kid on the block
June 15, 2023
Mystic Stealer is a new information stealer that was first advertised in April 2023. Mystic steals credentials from nearly 40 web browsers and more than 70 browser extensions. The malware also targets cryptocurrency wallets, Steam, and Telegram. The code is heavily obfuscated making use of polymorphic string obfuscation, hash-based import resolution, and runtime calculation of constants. Read more… Source: ...
- Cyber attacks against APAC commerce sector surpass 1.1 billion
June 14, 2023
Over 1.15 billion cyber attacks were launched against retailers, hotels and travel-related organisations in Asia-Pacific (APAC) last year, underscoring the security risks that come with growing digitisation efforts in the commerce sector. According to Akamai’s Entering through the gift shop: attacks on commerce report, retailers in India and China were the most targeted due to the ...
- Cadet Blizzard emerges as a novel and distinct Russian threat actor
June 14, 2023
As Russia’s invasion of Ukraine continues into its second year and Microsoft continues to collaborate with global partners in response, the exposure of destructive cyber capabilities and information operations provide greater clarity into the tools and techniques used by Russian state-sponsored threat actors. Throughout the conflict, Russian threat actors have deployed a variety of destructive capabilities ...
- CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit
June 14, 2023
Today, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is ...
- Australia’s privacy monitor hit by cyber attack
June 14, 2023
Australia’s peak privacy body that monitors potential breaches has fallen victim to a cyber attack. The Office of the Australian Information Commissioner has confirmed data belonging to law firm HWL Ebsworth has been stolen by Russian criminal ransomware hackers. Read more… Source: MSN News

