NSA Lays Out Zero Trust Implementation Guidelines (ZIGs) for Orgs; First in Zero Trust Series
The National Security Agency (NSA) has released the first two products in a series of Zero Trust Implementation Guidelines (ZIGs).
Seminar Titled ‘Impact of Cyber Attacks on Maritime Sector and its Effects on National Security and International Relations’
The event in Delhi, organized by the Indian Navy, addresses cyber threats in the maritime domain, how those threats bear on national security, and their impact.
The event is organized at a time when geopolitics is evolving; the seminar aims to deepen understanding of cyber threats in the maritime domain and to foster collaboration among key stakeholders to enhance cybersecurity and strengthen the national cybersecurity posture.
Cyber threats are evolving and looming over the maritime sector as the maritime industry steps into the world of cyber risk. The risk is vast, ranging from ransomware capable of shutting down port operations to interference with GPS that can halt the steering of vessels, as attackers become more creative.
Any cyber threat to the maritime sector also involves national security; it is neither an isolated matter nor merely a target for cyber criminals. Maritime security spans trade, global logistics, oil and gas, and defence, which is why maritime cyber threats map directly onto national security.
With the aim of deepening understanding of cyber threats in the maritime domain, the Indian Navy has organized the seminar.
The seminar, titled ‘Impact of Cyber Attacks on Maritime Sector and Its Effects on National Security and International Relations’, aims to foster collaboration among key stakeholders to enhance cybersecurity and strengthen the national cybersecurity posture.
Minister of State for the IT Ministry, Jitin Prasada, will deliver the keynote address during the inaugural session. The seminar will feature panel discussions, each led by distinguished experts from the participating ministries and organizations.
The seminar aims to advance Hon’ble PM’s vision of MAHASAGAR (Mutual and Holistic Advancement for Security and Growth Across the Regions) by reinforcing a safe, secure cyberspace, and echoes the call for ‘Aatmanirbhar Bharat’ through indigenous, secure-by-design digital systems and robust public-private partnership.
Aligned with Maritime India Vision 2030 and the Amrit Kaal Vision 2047, the seminar positions cybersecurity as a core enabler of port-led growth, smart logistics, offshore energy security, and mission critical naval operations.
The participating ministries and organizations include the Ministry of Ports, Shipping and Waterways, the Ministry of Petroleum and Natural Gas (MoPNG), the National Security Council Secretariat (NSCS), the Gas Authority of India Limited (GAIL), the Directorate General of Hydrocarbons (DGH), the Indian Computer Emergency Response Team (CERT-In), the National Critical Information Infrastructure Protection Centre (NCIIPC), and the National Maritime Foundation (NMF), as well as leaders from private organisations.
The topics for panel discussions are ‘Global Cyber Threats to Maritime Infrastructure,’ ‘Civil and Military Partnership,’ and ‘Maritime Sector as Critical Information Infrastructure’.
4 actively exploited zero-days affecting millions of devices; these include 3 targeted by the nation-state actor “ArcaneDoor”.
Security Advisory: Cisco has released critical security updates to address two zero-day vulnerabilities, tracked as CVE-2025-20333 and CVE-2025-20362, in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.
CISA has also added both CVEs to its KEV catalog and, in Emergency Directive ED 25-03, has included additional actions tailored to each agency’s status.
CISA said: “The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution [RCE] on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade.”
CISA has reported that the advanced threat actor behind ArcaneDoor has demonstrated the capability to successfully modify ASA ROM at least as early as 2024. These zero-day vulnerabilities in the Cisco ASA platform are also present in specific versions of Cisco Firepower appliances; on those appliances, Secure Boot would detect the identified manipulation of the ROM.
| Field | Value |
|---|---|
| Severity | Critical |
| CVSS Score | 9.9 |
| CVEs | CVE-2025-20333, CVE-2025-20362 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.1 |
Overview
The flaws discovered are actively exploited in the wild and allow attackers to execute arbitrary code or access restricted endpoints without authentication. Admins are urged to immediately apply Cisco’s fixed releases to mitigate these actively exploited zero-day vulnerabilities.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
|---|---|---|---|---|
| Buffer Overflow Vulnerability | CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance (ASA), Cisco Secure Firewall Threat Defense (FTD) | Critical | Update to the latest version |
| Missing Authorization Vulnerability | CVE-2025-20362 | Cisco Secure Firewall Adaptive Security Appliance (ASA), Cisco Secure Firewall Threat Defense (FTD) | Medium | Update to the latest version |
Technical Summary
Cisco has released security updates to address multiple vulnerabilities in the VPN web server of Secure Firewall ASA and FTD Software.
The most severe issue is a critical remote code execution vulnerability that could allow an authenticated attacker with valid VPN credentials to send specially crafted HTTP(S) requests and execute arbitrary code with root-level privileges, potentially resulting in full compromise of the affected device and control of its operations.
In addition, a medium-severity vulnerability was identified that could enable unauthenticated attackers to bypass access controls and access restricted web resources without authentication, potentially exposing sensitive information or limited administrative functions.
Both vulnerabilities are caused by improper validation of user-supplied HTTP(S) input, making them exploitable over the network.
Cisco has confirmed that there are no workarounds available, and administrators are strongly advised to upgrade to the fixed software versions immediately to ensure the security and integrity of their environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-20333 | Cisco Secure Firewall ASA Software, Cisco Secure FTD Software | Improper input validation in the VPN web server enables authenticated remote users to send crafted HTTP requests that allow arbitrary code execution with root privileges. | Remote Code Execution |
| CVE-2025-20362 | Cisco Secure Firewall ASA Software, Cisco Secure FTD Software | The VPN web server does not properly validate HTTP(S) user-supplied input. Attackers can exploit this by sending specially crafted requests to bypass authentication and access restricted URL endpoints. | Unauthorized access |
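The advisory notes that CISA has added both CVEs to its KEV catalog, and for a defender the first practical step is to find which devices carry them and whether the KEV due date has already passed. The Python script below is an added example, not Cisco's, CISA's or the advisory author's code: it triages a scanner inventory against a KEV-style JSON document. The field names match CISA's published KEV feed, but the catalogue excerpt, the hostnames, the placeholder CVE IDs and every date in it are constructed for this example.

```python
"""Triage an asset inventory against a CISA KEV-style catalogue.

Added example. The KEV excerpt and inventory below are constructed;
only the JSON field names follow CISA's real KEV feed.
"""
import json
from datetime import date

# Constructed KEV-style excerpt. The two Cisco entries mirror the advisory
# above; the third is filler so the matcher has something to ignore.
# All dates are placeholders, not the real KEV dates.
KEV_SAMPLE = json.dumps({
    "title": "KEV catalogue (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2025-20333", "vendorProject": "Cisco",
         "product": "Secure Firewall ASA and FTD Software",
         "vulnerabilityName": "Buffer Overflow Vulnerability",
         "dateAdded": "2025-09-25", "dueDate": "2025-09-26",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-20362", "vendorProject": "Cisco",
         "product": "Secure Firewall ASA and FTD Software",
         "vulnerabilityName": "Missing Authorization Vulnerability",
         "dateAdded": "2025-09-25", "dueDate": "2025-09-26",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleCo",  # placeholder
         "product": "Example Product", "vulnerabilityName": "Placeholder",
         "dateAdded": "2025-01-01", "dueDate": "2025-01-15",
         "requiredAction": "Placeholder.", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: hostname -> CVE IDs a scanner reported on it.
# CVE-0000-00002 is a placeholder for a finding that is NOT in KEV.
INVENTORY = {
    "asa-edge-01.example.internal": ["CVE-2025-20333", "CVE-2025-20362", "CVE-0000-00002"],
    "ftd-dc-02.example.internal": ["CVE-2025-20362"],
    "web-03.example.internal": ["CVE-0000-00002"],
}


def load_kev(text):
    """Parse a KEV JSON document into a dict keyed by CVE ID."""
    doc = json.loads(text)
    return {entry["cveID"]: entry for entry in doc["vulnerabilities"]}


def triage(inventory, kev, today_iso):
    """Return one finding per (host, CVE) pair that appears in KEV.

    Each finding carries the KEV due date and whether it has passed as of
    today_iso (YYYY-MM-DD), so overdue hosts can be escalated first. CVEs
    absent from KEV are not returned; they still need patching, but on the
    normal cadence rather than under an emergency directive.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": host,
                "cve": cve,
                "name": entry["vulnerabilityName"],
                "due": due.isoformat(),
                "overdue": today > due,
                "action": entry["requiredAction"],
            })
    # Overdue first, then earliest due date, then hostname for a stable report.
    findings.sort(key=lambda f: (not f["overdue"], f["due"], f["host"]))
    return findings


def hosts_needing_emergency_action(inventory, kev, today_iso):
    """Distinct hosts with at least one KEV-listed CVE, in triage order."""
    hosts = []
    for finding in triage(inventory, kev, today_iso):
        if finding["host"] not in hosts:
            hosts.append(finding["host"])
    return hosts


if __name__ == "__main__":
    catalogue = load_kev(KEV_SAMPLE)
    for f in triage(INVENTORY, catalogue, "2025-10-01"):
        status = "OVERDUE" if f["overdue"] else "due " + f["due"]
        print(f"{f['host']:32} {f['cve']:16} {status:16} {f['name']}")
```

To use it against the real feed, replace KEV_SAMPLE with the JSON CISA publishes and INVENTORY with your scanner export; the sort order puts hosts past their KEV due date at the top of the report.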
Recommendations:
Conclusion:
These vulnerabilities present a significant risk as they are actively being exploited in the wild and can lead to complete system compromise or unauthorized access to sensitive resources.
Since no workarounds are available, applying the latest Cisco security updates is the only effective remediation. Administrators should prioritize immediate patching across all affected devices to protect their environment from ongoing exploitation attempts and ensure continued resilience of critical firewall infrastructure.
References:
The US Secret Service, the agency in charge of security for the United Nations General Assembly, discovered a threatening network of over 300 servers and 10,000 SIM cards across the New York tri-state area.
The network could have “disabled cell phone towers and potentially shut down the cellular network in New York City,” said Matt McCool, the special agent in charge of the Secret Service’s New York field office.
Key Points:
The network could also facilitate denial of service attacks and could send up to 30 million text messages per minute. All of the devices were found within 35 miles of the United Nations headquarters in Midtown Manhattan.
Analysis indicates cellular communications between nation-state threat actors and individuals who are known to federal law enforcement, the report said.
The investigation into the devices is ongoing, the Secret Service said, but early forensic analysis indicates it was used for communications between “foreign actors” and people already known to federal law enforcement. No arrests have been announced, and investigators are still searching through the equivalent of 100,000 cell phones worth of data.
“This network had the potential to disable cell phone towers and essentially shut down the cellular network in New York City,” Matt McCool, special agent in charge of the Secret Service field office in New York, said in a video statement.
The telecommunications gear was recovered from so-called SIM farms housed in abandoned apartment buildings in at least five undisclosed sites. The devices discovered could be used to conduct a range of telecommunications attacks including disabling cell phone towers, enabling cybersecurity attacks and allowing encrypted communication between criminal groups and threat actors.
According to the Secret Service, the devices could facilitate a wide range of attacks on telecommunications systems, including disabling cell phone towers and enabling denial-of-service attacks.
The network also allowed encrypted, anonymous communication between potential threat actors and criminal enterprises.
The forensic analysis indicates potential links between the network and overseas threat actors, as well as connections to individuals already known to federal law enforcement agencies.
According to Bloomberg, it is still unclear whether the network was connected to earlier incidents this year in which unknown individuals impersonated White House Chief of Staff Susie Wiles and Secretary of State Marco Rubio.
A full forensic review of the seized devices is ongoing as authorities continue to assess the scope and origins of the network.
Investigations started after threats to US officials
According to agents who spoke to the New York Times, the investigation began after anonymous telephonic threats were made against three US government officials earlier this year. One of the officials who was threatened worked with the Secret Service, while the other two were White House staffers.
State of crime
The agency first detected the New York-area SIM farm after it was linked to swatting incidents on Christmas Day in 2023. Those incidents involved Congresswoman Marjorie Taylor Greene and US Senator Rick Scott.
The cases were tied to two Romanian men, Thomasz Szabo and Nemanja Radovanovic, who were working with an American swatter, Alan Filion, also known as “Torswats.” All three have since been convicted on swatting-related charges.
Ben Coon, head of intelligence at cybersecurity firm Unit 221b, believes there was little foreign state involvement and that the operation was based on financial crime.
Images released by the Secret Service showed racks of neatly arranged telecom equipment, each component numbered and labeled. Cables were carefully laid out and secured, which could mean the operation was handled by well-resourced professionals.
The operation is linked to swatting incidents, organized crime groups, and nation-state actors, with equipment seized across New York and New Jersey.
Sources: https://www.telegraphindia.com/world/us-secret-service-dismantles-telecom-threat-network-in-new-york-ahead-of-un-general-assembly/cid/2124609