Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes

A previously unknown and "sophisticated" nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments. These cyber-spy campaigns, …

  1. Anonymous Coward

    IOW...

    "Governments issue alerts after fourteen-year-old script kiddie finds NSA backdoor built into Cisco security boxes"

  2. stiine Silver badge
    Facepalm

    Another name for a password is...

    "Line Dancer can also trick the AAA (Authentication, Authorization and Accounting) function into allowing the attacker to connect using a magic number authentication capability to establish a remote access VPN tunnel."

    Wouldn't the word 'password' have been much quicker to type? Or is it much more subtle?

  3. ChoHag Silver badge

    > The mysterious nation-state group "utilized bespoke tooling ...

    Oh god! Did the bad guys learn python? Now you're really going to have to up your game.

  4. ExpatZ

    "In addition to the alert we have not confirmed evidence of this activity affecting US government networks at this time," a CISA spokesperson told The Register.

    And now we know who the state actor is.

  5. Anonymous Coward

    Have I Mentioned Fort Meade Before?

    So.....the weakness was embedded BY CISCO at the behest of paymasters in Fort Meade????? What do you think?

    1. Anonymous Coward

      Re: Have I Mentioned Fort Meade Before?

      Closed source at work here..................

      ..........of course, the patch to "fix" this problem will almost certainly include a replacement "weakness"!!!!

      Quote: (William Burroughs) "The paranoid is a person who knows a little of what is going on."

      1. Anonymous Coward

        Alternative Scenario.......

        Just a thought......maybe Cisco would be a useful target (like SolarWinds)? Who knows what mayhem might transpire?

        ......or maybe it's ALREADY HAPPENED??

  6. Anonymous Coward

    Stop using cisco

    I stopped using cisco ASA around v5.2ish and old IOS @ 12.3 as it was an unsecure pos and found it highly annoying you had to repeatedly pay for their next backdoored code version. I suppose somebody has to pay for the devs to think up new ways to obfuscate the *required holes in their system. Those using cisco gear are the same breed as the lemmings that continue to jump off Microsoft's cliffs despite the escalating numbers of injured. *Plenty of information out there for you to see.

    Two months since the last cisco backdoor discovery.

    1. Sandtitz Silver badge
      Facepalm

      Re: Stop using cisco

      You forgot to mention in your rant what firewall apparatus you are using now.

  7. John Brown (no body) Silver badge

    "first spotted in early January and revealed on Wednesday."

    Is this because they've released patches to block the intrusions or did it just take this long to get around to telling people their security is leaking like a sieve?

    I can understand a delay in announcing a vuln that's not being actively exploited since that would give the bad guys a clear window of opportunity while the fix is being developed, but when it's an actively exploited vuln, would it not be better to announce it ASAP so at least the victims and potential can try to do something to protect themselves?

  8. jvf

    I don't get it

    One after another. Does anybody test their crap in-house or do they just wait for something to happen?
