Home SECURITY CISA issues emergency cybersecurity directive

CISA issues emergency cybersecurity directive

CISA issues emergency cybersecurity directive


Zero days in Barracuda and Fortinet products: CISA introduces emergency cybersecurity directive

Federal agencies must now respond to agency warnings within 14 days.

US Agency for Cybersecurity and Infrastructure Protection (CISA) required all federal civilian agencies to take new measures to limit access to network equipment exposed to the Internet. The directive comes amid a surge in attacks on previously unknown vulnerabilities in widely used security devices and network devices.

Under the new CISA order, federal agencies now have 14 days to respond to any report from CISA about misconfigured or publicly available network equipment. The directive applies to any network devices—such as firewalls, routers, and load balancers—that allow remote authentication or administration.

The order requires federal departments to restrict access so that only authorized users of the agency’s LAN or internal network can reach the control interfaces of these devices.

The requirement follows a number of recent incidents in which attackers exploited zero-day vulnerabilities in popular networking products to launch ransomware and cyber-espionage attacks against affected organizations.

Yes, the company’s experts Mandiant recently disclosed that since at least October 2022, Chinese cyber spies have been exploiting a zero-day vulnerability in many email security gateways (ESG) sold by the California company Barracuda Networks to steal sensitive emails from organizations using these devices.

Around the same time, researchers Lexfo discovered that zero vulnerabilities are actively exploited in a wide range of VPN solutions produced by the company Fortinet.

These incidents show how important it is for organizations of all levels and areas of activity to ensure reliable protection of their network equipment from cyber attacks, so the new CISA requirement looks quite justified and logical.


Source link



Please enter your comment!
Please enter your name here