Two Cisco Zero-days Actively Exploited To Breach Government Networks
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in ASA and FTD firewalls since November 2023 to breach government networks worldwide. Identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, the hackers initiated a cyber-espionage campaign named ArcaneDoor, infiltrating vulnerable edge devices. Cisco patched the two security flaws used as zero-days: CVE-2024-20353 (denial of service) and CVE-2024-20359 (persistent local code execution). The ArcaneDoor campaign was detected in early January 2024, with evidence showing the attackers had been developing exploits since at least July 2023.