CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.
Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.
Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI Issues Warning on ‘Secure’ Websites Used For Phishing
June 10, 2019
The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser’s address bar to check if the current page is served by a website secured using a ...
- MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
June 10, 2019
We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as its connection to four Android malware ...
- Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor
June 9, 2019
Linux users, beware! If you haven’t recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line text editing applications that come pre-installed ...
- Ancient ICEFOG APT malware spotted again in new wave of attacks
June 7, 2019
Malware developed by Chinese state-sponsored hackers that was once thought to have disappeared has been recently spotted in new attacks, in an updated and more dangerous form. Spotted by FireEye senior researcher Chi-en (Ashley) Shen, the malware is named ICEFOG (also known as Fucobha). It was initially used by a Chinese APT (advanced persistent threat, a technical ...
- Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
June 7, 2019
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed ...
- New RCE vulnerability impacts nearly half of the internet’s email servers
June 7, 2019
A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today. The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients. According to a June 2019 survey of all mail servers ...