NCSC Issues Urgent Warning On Malware Targeting Cisco Devices

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The National Cyber Security Centre (NCSC) of the UK has released a new alert about an ongoing malware attack, which targets specific Cisco devices, urging organizations to take immediate protective measures.

In a rush? Here are the quick facts:

  • Attackers exploited new flaws to implant malware, execute commands, and steal data.
  • Cisco detection guide highlights suppressed system logs and disabled memory checks.
  • Attackers use stolen credentials, creating “impossible travel” login scenarios.

In a new update, Cisco confirmed that the same threat actor behind last year’s ArcaneDoor campaign is now exploiting new flaws in Cisco Adaptive Security Appliance (ASA) 5500-X Series devices.

Cisco’s networking products include routers, switches, and firewalls, which direct and protect internet traffic. They’re widely used by companies and governments to connect systems, enable remote access, and safeguard sensitive data.

Attackers have implanted malware on compromised systems, executed commands on them, and obtained sensitive data.

The NCSC has published detailed analysis of two new malware strains, named RayInitiator and LINE VIPER, which represent a more advanced evolution of malware seen in the earlier campaign. The NCSC says organisations should check their systems right away, following Cisco’s remediation guidance.

Ollie Whitehouse, NCSC’s Chief Technology Officer, said: “It is critical for organisations to take note of the recommended actions highlighted by Cisco today, particularly on detection and remediation. We strongly encourage network defenders to follow vendor best practices and engage with the NCSC’s malware analysis report to assist with their investigations.”

“End-of-life technology presents a significant risk for organisations. Systems and devices should be promptly migrated to modern versions to address vulnerabilities and strengthen resilience,” Whitehouse concluded.

Cisco has also issued a detailed detection guide for network defenders. It explains how attackers may try to hide their activity, including suppressing system logs, disabling memory checks, and using stolen credentials to create “impossible travel” scenarios, where the same user logs in from distant locations in an unrealistic timeframe.

Only certain Cisco ASA 5500-X models running specific software versions with VPN services enabled have been confirmed as compromised. Cisco and the NCSC recommend that users update their devices, check their logs and replace all unsupported equipment, which poses a growing security threat.

Senate Democrats Say DOGE Chaos Put Americans’ Data At Risk

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A new report from Senate Democrats accuses the Department of Government Efficiency (DOGE) of creating unsafe working conditions that put Americans’ sensitive data at risk.

In a rush? Here are the quick facts:

  • Staff used Starlink networks “that could have allowed them to work without being tracked.”
  • Whistle-blowers said Social Security numbers were stored on cloud servers “without any verified security controls.”
  • Charles Borges, ex-SSA data officer, accused DOGE of risking Americans’ sensitive information.

According to the report, first detailed by The New York Times, DOGE operated out of the General Services Administration building, where the office resembled a makeshift camp. The room contained armed guards, together with children’s toys, windows covered by garbage bags and sleeping areas.

Staff members for Senator Gary Peters of Michigan, the top Democrat on the Homeland Security and Government Affairs Committee, said DOGE aides sat at desks with “eight or 10 laptops deep,” often using Starlink networks that “could have allowed them to work without being tracked,” as reported by The Times.

The report cites whistle-blowers who alleged that Social Security numbers were placed on cloud servers “without any verified security controls.” According to The Times, the report stated that this action created an extreme danger of a major data security breach.

Former chief data officer Charles Borges had already warned the Social Security Administration about these issues publicly.

The Times reports that in one case, a former DOGE employee at the Social Security Administration inquired about uploading data to the cloud so that the Department of Homeland Security could access it.

Another whistle-blower said Social Security’s Numident data later appeared at Homeland Security “in a strange format,” suggesting irregular sharing methods.

Despite these claims, the report offered few new examples of security breaches, as reported by The Times. The report showed that Democrats faced difficulties in maintaining control of DOGE operations. Officials often refused to explain what projects DOGE employees were working on, or even confirm who had been assigned to which agencies.

“This report concludes that DOGE is jeopardizing Americans’ most sensitive data, while its employees operate under a layer of secrecy that shields them from meaningful oversight and accountability,” the report’s authors wrote, as noted by The Times.