A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday. First confirmed activity observed by a Cisco customer dates to early January 2024 but the actual attacks started in November 2023. “Further, we have identified evidence that suggests this capability was being tested and developed as … More
The post Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) appeared first on Help Net Security.