Cisco urges immediate software upgrade after state-sponsored attack
- by nlqip
Thinking beyond updates
Cisco emphasized that perimeter network devices serve as ideal entry points for espionage-focused campaigns and must be routinely and promptly patched.
“In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations — critical infrastructure entities that are likely strategic targets of interest for many foreign governments,” Cisco said in the post.
CIOs and CISOs should focus beyond routine software updates and adopt a holistic approach, said Thomas George, president of market research firm CMR.
“This should include regular security audits to identify and address vulnerabilities—such as unpatched systems or outdated protocols,” George said. “Additionally, robust employee training programs are crucial to raising awareness about phishing, social engineering, and other cyber threats. The widespread implementation of multi-factor authentication, not just for external access but also for internal systems, significantly enhances security.”
George also suggested integrating advanced threat detection technologies like AI-driven anomaly detection and establishing a well-structured incident response plan that includes simulated cyberattack drills, which can dramatically improve an organization’s ability to detect, respond to, and mitigate cyber incidents swiftly.
Combined effort essential
In the post, Cisco explained how it identified the issue. Early in 2024, a customer reached out to its Product Security Incident Response Team (PSIRT) and Cisco Talos, its threat intelligence team, raising security concerns about their Adaptive Security Appliances.
Source link
lol
Thinking beyond updates Cisco emphasized that perimeter network devices serve as ideal entry points for espionage-focused campaigns and must be routinely and promptly patched. “In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations — critical…
Recent Posts
- Google says “Enhanced protection” feature in Chrome now uses AI
- Scammers target UK senior citizens with Winter Fuel Payment texts
- Malicious PyPI package with 37,000 downloads steals AWS keys
- Microsoft says recent Windows 11 updates break SSH connections
- Hands on with AI features in Windows 11 Paint and Notepad