Late last week, the Cybersecurity and Infrastructure Security Agency issued an emergency directive in response to a widespread campaign that involves exploiting zero-day vulnerabilities in Cisco firewall devices – giving threat actors access to the devices and enabling them to execute malicious code and malware.
Here is some commentary on the significance of these vulnerabilities and insights for security leaders from cybercrime expert and VP of Cyber Risk for HITRUST, Tom Kellermann.
“The exploitation of Cisco firewalls underscores the dangerous nature of island hopping through security vendors’ vulnerabilities. This systemic attack to U.S. government agencies represents a clear and present danger to national security. Cybersecurity vendors must ramp up their own security postures in 2025 and the private sector must expand third party risk management to include cybersecurity vendors in order to mitigate future widespread attacks by China.”
Once again it is time to patch all the things. Because this is one of those “today problems” which seem to be multiplying like rabbits. That’s not a good place for those of us on the side of keeping users and organizations safe to be.
Like this:
Like Loading...
Related
This entry was posted on September 29, 2025 at 4:30 pm and is filed under Commentary with tags Cisco. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
CISA Issues Alert Regarding Cisco Firewall Zero-Days
Late last week, the Cybersecurity and Infrastructure Security Agency issued an emergency directive in response to a widespread campaign that involves exploiting zero-day vulnerabilities in Cisco firewall devices – giving threat actors access to the devices and enabling them to execute malicious code and malware.
Here is some commentary on the significance of these vulnerabilities and insights for security leaders from cybercrime expert and VP of Cyber Risk for HITRUST, Tom Kellermann.
“The exploitation of Cisco firewalls underscores the dangerous nature of island hopping through security vendors’ vulnerabilities. This systemic attack to U.S. government agencies represents a clear and present danger to national security. Cybersecurity vendors must ramp up their own security postures in 2025 and the private sector must expand third party risk management to include cybersecurity vendors in order to mitigate future widespread attacks by China.”
Once again it is time to patch all the things. Because this is one of those “today problems” which seem to be multiplying like rabbits. That’s not a good place for those of us on the side of keeping users and organizations safe to be.
Share this:
Like this:
Related
This entry was posted on September 29, 2025 at 4:30 pm and is filed under Commentary with tags Cisco. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.