ArcaneDoor: Hackers use Cisco zero-day to breach networks

Cisco has warned that state-sponsored hackers are exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls to breach government networks around the world. The operation, named ArcaneDoor, has been under way since at least November 2023.

The hackers, tracked as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable devices in early November 2023 as part of the ArcaneDoor cyber-espionage campaign.

Cisco has discovered and fixed two vulnerabilities that were used as zero-days by hackers:

Cisco became aware of the ArcaneDoor campaign in early 2024 and found that the hackers had tested and deployed exploits for the two zero-day vulnerabilities since at least July 2023.

Targeting Cisco firewalls

The two zero-day vulnerabilities allowed the state-sponsored hackers to deploy previously unknown malware and maintain access to compromised Cisco ASA and FTD devices.

One of the malware implants, Line Dancer, is an in-memory shellcode loader that helps deliver and execute shellcode payloads to disable logging, provide remote access and exfiltrate packets.

The second malware implant used in the ArcaneDoor campaign is a backdoor called Line Runner, which evades defensive mechanisms and allows the hackers to execute Lua code on compromised systems.

"This group used specific tools that showed a clear focus on espionage and an in-depth knowledge of the devices they were targeting, typical of sophisticated state-sponsored hackers," said Cisco.

ArcaneDoor: Cisco urges customers to update firewalls

The company released security updates on Wednesday to fix the two zero-day vulnerabilities and recommends that all customers upgrade their devices as soon as possible.

Administrators are also urged to monitor system logs for any signs of unscheduled reboots, unauthorised configuration changes or suspicious credential activity.
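One way to screen exported firewall syslog for those three signals, shown here as an added example that does not come from Cisco or the original article. The log lines are constructed, and the message IDs (199001, 199002, 111008, 605004), the known_admins allowlist and the threshold are assumptions to check against your platform's syslog reference.

```python
import re
from collections import Counter

# Constructed ASA-style syslog lines (documentation IP ranges), not real device output.
SAMPLE_LOG = """\
Apr 24 01:02:11 fw1 %ASA-6-605004: Login denied from 203.0.113.7/51544 to outside:198.51.100.1/ssh for user "admin"
Apr 24 01:02:14 fw1 %ASA-6-605004: Login denied from 203.0.113.7/51550 to outside:198.51.100.1/ssh for user "admin"
Apr 24 01:02:19 fw1 %ASA-6-605004: Login denied from 203.0.113.7/51561 to outside:198.51.100.1/ssh for user "cisco"
Apr 24 02:40:03 fw1 %ASA-5-111008: User 'netops' executed the 'write memory' command.
Apr 24 03:15:47 fw1 %ASA-5-111008: User 'svc-tmp' executed the 'no logging enable' command.
Apr 24 03:20:02 fw1 %ASA-6-199002: Startup completed. Beginning operation.
Apr 24 09:00:00 fw1 %ASA-5-199001: Reload command executed from Telnet (remote 192.0.2.10).
Apr 24 09:03:30 fw1 %ASA-6-199002: Startup completed. Beginning operation.
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ %(?:ASA|FTD)-\d-(?P<id>\d{6}): (?P<msg>.*)$")
CMD = re.compile(r"User '(?P<user>[^']+)' executed the '(?P<cmd>[^']+)' command")
DENIED = re.compile(r"Login denied from (?P<src>[\d.]+)/\d+")

def triage(log_text, known_admins=frozenset({"netops"}), denied_threshold=3):
    """Return (timestamp, finding, detail) tuples for reboots, commands and logins."""
    findings, denied, reload_pending = [], Counter(), False
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, msg_id, msg = m["ts"], m["id"], m["msg"]
        if msg_id == "199001":        # assumed ID: an operator issued a reload
            reload_pending = True
        elif msg_id == "199002":      # assumed ID: the device finished booting
            if not reload_pending:    # heuristic: boot with no logged reload command
                findings.append((ts, "reboot-without-reload-command", ""))
            reload_pending = False
        elif msg_id == "111008" and (c := CMD.search(msg)):
            if c["user"] not in known_admins:   # command run by an unexpected account
                findings.append((ts, "config-command-by-unknown-user",
                                 f"{c['user']}: {c['cmd']}"))
        elif msg_id == "605004" and (d := DENIED.search(msg)):
            denied[d["src"]] += 1
            if denied[d["src"]] == denied_threshold:   # report each source once
                findings.append((ts, "repeated-login-denied", d["src"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A device whose logging was disabled by an intruder will not emit these lines, so gaps in the log stream from a firewall deserve the same attention as the findings themselves.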

Protection from vulnerabilities

Applying updates is one of the most effective ways to protect against security gaps. Attackers exploit known and unknown vulnerabilities in older versions of software, so keeping software up to date is vital.

Staff awareness and training are also important. Employees need to be aware of the risks associated with cybersecurity and of good practices for avoiding attacks.

The use of advanced security solutions, such as intrusion prevention systems (IPS), intrusion detection systems (IDS) and antivirus software, can help counter attacks and protect against bugs.

The use of multi-factor authentication (MFA) can offer an extra layer of protection, as it requires users to provide two or more pieces of verification to prove their identity.

Finally, creating and implementing an information security policy can prevent the exploitation of vulnerabilities. This policy should cover data protection, protection of systems and networks, and response to security breaches.

Source: www.bleepingcomputer.com

Digital Fortress