U.S. cybersecurity agency CISA says federal government departments are not sufficiently patching to protect against an active hacking campaign targeting Cisco firewalls.

In an updated advisory published Wednesday , CISA said that it was currently “tracking active exploitation” of two security flaws in Cisco’s Adaptive Security Appliance (ASA) software, which powers a range of enterprise grade firewalls used by corporate giants and government agencies to protect their networks from malicious outsiders.

CISA said the flaws have been abused by an “advanced” but as-yet-unnamed threat actor since September, which prompted the agency to issue its third emergency directive of the year, ordering agencies to patch their affected systems.

While some federal agencies told the agency that they

See Full Page