CISA KEV Update April 2024 – Part II

The U.S. CISA has issued a high-priority alert for federal agencies to patch two critical vulnerabilities found in Cisco products and one in the widely used file transfer tool, CrushFTP.

ArcaneDoor Exploits Cisco ASA & FTD Devices

The revelation that a state-backed hacking group has been exploiting two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices paints a grim picture. Since November 2023, the ArcaneDoor campaign has been actively breaching government networks with a focus on espionage activities.

Cisco’s discovery of these flaws underscores the relentless pursuit of new attack vectors by sophisticated adversaries. The fact that the attackers likely developed and tested exploits for months before deployment suggests a calculated and well-planned operation.

CrushFTP Flaw Exposes Organizations Across Industries

This vulnerability, CVE-2024-4040, in the widely used CrushFTP file transfer service poses an immediate risk. If exploited, unauthenticated attackers could potentially steal sensitive data or completely compromise systems. Given the widespread use of CrushFTP and the alarmingly slow patch adoption rate, many vulnerable instances remain online, leaving enterprises across various industries as tempting targets for opportunistic cybercriminals.

Research firm Censys discovered over 2,750 CrushFTP exposures within the United States alone, accounting for nearly half of the global exposures.

CISA has given federal agencies until May 1 to secure their systems, a deadline that underscores the critical nature of these vulnerabilities and the need for immediate action.
