🚨 The Cybersecurity and Infrastructure Security Agency (#CISA) has flagged active attacks exploiting two critical flaws in #Cisco ASA and Firepower devices (CVE-2025-20362 + CVE-2025-20333) used in the #ArcaneDoor campaign.

Read: https://hackread.com/cisa-attacks-cisco-asa-firepower-flaws/

#CyberSecurity #Vulnerability #Infosec #Firepower

CISA Warns of Active Attacks on Cisco ASA and Firepower Flaws

Cisco: active exploitation of ASA/FTD zero-days (CVE-2025-20362 & CVE-2025-20333) causing reboot loops

Source: BleepingComputer — Cisco warns that two vulnerabilities already exploited as zero-days against its ASA/FTD firewalls (CVE-2025-20362 and CVE-2025-20333) are now being used to cause reboot loops, resulting in denial of service. CISA has issued an emergency directive for U.S. federal agencies. • Vulnerabilities and impact: the flaws CVE-2025-20362 (unauthenticated access to restricted URL endpoints) and CVE-2025-20333 (post-authentication RCE) can, when chained, give full control of unpatched systems. A new attack artifact observed on November 5, 2025 forces unexpected device reboots, causing a DoS.

CyberVeille
📢 Active exploitation of critical WebVPN flaws in Cisco ASA/FTD (CVE-2025-20362/20333/20363)
📝 According to Horizon3.ai, several critical vulnerabilities affecting the...
📖 cyberveille: https://cyberveille.ch/posts/2025-10-10-exploitation-active-de-failles-critiques-webvpn-sur-cisco-asa-ftd-cve-2025-20362-20333-20363/
🌐 source: https://horizon3.ai/attack-research/vulnerabilities/cve-2025-20362-cve-2025-20333-cve-2025-20363/
#ArcaneDoor #CISA_Emergency_Directive #Cyberveille
Active exploitation of critical WebVPN flaws in Cisco ASA/FTD (CVE-2025-20362/20333/20363)

According to Horizon3.ai, several critical vulnerabilities affecting the WebVPN components of Cisco ASA and FTD are being actively exploited by the actor UAT4356, known as ArcaneDoor, which led CISA to publish Emergency Directive 25-03. The affected versions are Cisco ASA 9.16–9.23 and Cisco FTD 7.0–7.7. 🚨 Vulnerabilities and impact CVE-2025-20362 (authentication bypass) allows restricted WebVPN endpoints to be reached via forged HTTP(S) requests. Chained with CVE-2025-20333, this flaw leads to remote code execution (RCE) as root, without authentication, via malicious HTTPS requests. CVE-2025-20363 is a separate RCE affecting ASA/FTD without authentication and certain Cisco IOS components with authentication. 🎯 Threat and attribution

CyberVeille
Censys Researchers investigated the threat actor infrastructure behind the #ArcaneDoor campaign, led by previously unknown state-sponsored threat actor #UAT4356, and found networks, certificate indicators, and software hinting at potential ties to China. https://censys.com/analysis-of-arcanedoor-threat-infrastructure-suggests-potential-ties-to-chinese-based-actor/ #CensysResearch
Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor

Censys
Zero-day flaws CVE-2024-20353 & CVE-2024-20359 in Cisco ASA & FTD have been exploited in the “ArcaneDoor” state-sponsored campaign since Jan 2024. Censys detects over 162k Cisco ASA devices worldwide, with significant numbers in the U.S. Learn more about the global impact 🌎: https://censys.com/cve-2024-20353/ #ArcaneDoor #Cisco #CensysResearch
April 30, 2024: Cisco ASA and FTD vulnerabilities lead to breached government networks

Censys

The blog post from Talos Intelligence reveals a sophisticated espionage campaign named ArcaneDoor, which targets perimeter network devices from various vendors. These devices are essential for data entry and exit, making them attractive targets for state-sponsored actors. The campaign has seen a significant increase in the past two years, particularly affecting telecommunications providers and energy sector organizations. Cisco Talos, with its extensive visibility into network security, played a key role in identifying this campaign.

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

#cybersecurity #cisco #talos #intelligence #ArcaneDoor #network

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to the same threat actor as ArcaneDoor in 2024.

Cisco Talos Blog

Potential APT campaign targets network devices, exploiting vulnerabilities to deploy custom malware. Utilizing data exfiltration, lateral movement, and persistent access along with sophisticated in-memory techniques and crash dump hooks to evade detection. #CyberSecurity
#ArcaneDoor

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

The Canadian Centre for Cyber Security has issued a detailed security advisory regarding the "LINE DANCER" & "LINE RUNNER" attacks against Cisco ASA devices by what it believes are nation-state sponsored malicious actors.

As usual, if you or your organization runs Cisco ASAs, time to patch to mitigate these vulnerabilities.

www.cyber.gc.ca/en/news-events/cyber-activity-impacting-cisco-asa-vpns

#infosec #cybersecurity #LINEDANCER #LINERUNNER #ARCANEDOOR #Cisco #CiscoASA #SecurityAdvisory #CVE_2024_20359 #CVE_2024_20353
Cyber Activity Impacting CISCO ASA VPNs - Canadian Centre for Cyber Security

Canadian Centre for Cyber Security