Cisco today began the process of patching a zero-day vulnerability in its Adaptive Security Appliance (ASA) software exposed in the ShadowBrokers data dump. Users on affected versions of ASA, 7.2, and 8.0 through 8.7, are urged to migrate soon to 9.1.7(9) or later. Newer versions that are also implicated—9.1 through 9.6—are expected to be updated...

Exploits against enterprise-grade Cisco firewalls dumped by the ShadowBrokers have quickly—and apparently without a lot of strenuous effort—been upgraded to attack more current versions of ASA. Researchers at Silent Signal in Hungary yesterday tweeted they had ported the EXTRABACON attack to ASA version 9.2(4), which was released a year ago. We successfully ported EXTRABACON to...