CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Anatomy of Formjacking Attacks
April 27, 2020
The rise of the Internet has contributed positively in many ways to people’s lives and you can find almost any service on the internet now. However, the convenience of the internet also opens a gate to use malware to steal people’s confidential information, and unfortunately, more and more malware authors are taking advantage of this. Formjacking, ...
- Single Malicious GIF Opened Microsoft Teams to Nasty Attack
April 27, 2020
Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack simply involved tricking a victim into viewing a malicious GIF ...
- Israel government tells water treatment companies to change passwords
April 27, 2020
The Israeli government says that hackers have targeted its water supply and treatment facilities last week. In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can’t be changed, the agency recommended taking ...
- Hackers are exploiting a Sophos firewall zero-day
April 26, 2020
Cyber-security firm Sophos has published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers. Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing ...
- Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address
April 24, 2020
The legal case between Facebook and Israeli spyware vendor NSO Group is starting to yield the details tech and cyber-security experts have been waiting since Facebook filed its lawsuit in October 2019. In court documents filed yesterday, Facebook said it linked 720 instances of attacks against WhatsApp users to one single IP address. The attacks were carried out ...
- A look at the ATM/PoS malware landscape from 2017-2019
April 23, 2020
From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what does the ATM landscape look like as of 2020? Let’s take a look. ATM attacks aren’t ...