Weekly Security Roundup: Cisco ASA Vulnerabilities Persist, Red Hat GitLab Breach Claimed
Urgent Security Alert: Unpatched Cisco ASA Flaws Actively Exploited, Red Hat Investigates Breach Claims
The cybersecurity landscape is in constant motion, and this week brings critical reminders about the dangers of both old vulnerabilities and new threats. Security teams are on high alert as a years-old flaw in widely used Cisco devices is being actively exploited for ransomware attacks, while tech giant Red Hat investigates a serious claim of a source code breach.
Here’s what you need to know to protect your organization.
An Old Vulnerability Creates New Dangers: Cisco ASA Devices Under Attack
A critical vulnerability in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, first disclosed in 2020, is being aggressively exploited by threat actors to gain initial network access. This flaw, tracked as CVE-2020-3259, is a limited directory traversal vulnerability that can expose sensitive information on affected devices.
Despite its age, cybercriminal groups are successfully using this exploit as a gateway into corporate networks. Security researchers have linked this activity to a threat actor known as UAT4356 (also tracked as STORM-1849), which has been observed leveraging the vulnerability to achieve a foothold before deploying ransomware, including variants like Akira and LockBit.
The key takeaway here is that threat actors are systematically scanning the internet for unpatched, vulnerable Cisco ASA devices. Once compromised, these devices provide a launchpad for broader attacks, turning a seemingly minor information disclosure flaw into a catastrophic ransomware event.
Security Recommendations for Cisco ASA Devices:
- Patch Immediately: The most critical action is to ensure all Cisco ASA and FTD devices are patched against CVE-2020-3259. Do not assume that older vulnerabilities are no longer a threat.
- Review Access Logs: System administrators should carefully examine logs for any signs of unauthorized access or suspicious activity, especially related to directory traversal attempts.
- Implement Robust Monitoring: Use network monitoring solutions to detect unusual traffic patterns originating from or directed at your security appliances. Early detection is key to preventing a minor compromise from escalating.
Red Hat Probes Claims of a Major GitLab Source Code Breach
In a separate but equally concerning development, Red Hat is currently investigating claims made by a threat actor who alleges to have breached the company’s internal GitLab server and stolen source code. The individual posted a screenshot on a hacking forum, purportedly showing a list of directories from the compromised server.
The folder names visible in the screenshot—such as openshift, cloud-services, and coreos—appear to correspond with major Red Hat projects, lending some credibility to the claim. However, the full extent and validity of the breach have not yet been confirmed.
At this time, the situation remains an active investigation. Red Hat has not publicly verified the breach, but the potential implications are significant. A successful theft of source code could expose proprietary information, trade secrets, and potentially lead to the discovery of new, exploitable vulnerabilities within Red Hat’s widely used enterprise products.
This incident serves as a stark reminder that even the most security-conscious technology companies are high-value targets. Development environments and code repositories are increasingly in the crosshairs of sophisticated attackers.
Lessons in Securing Development Pipelines:
- Enforce Multi-Factor Authentication (MFA): Access to critical infrastructure, especially code repositories like GitLab, GitHub, or Bitbucket, must be protected with mandatory MFA.
- Principle of Least Privilege: Ensure developers and automated systems only have access to the specific repositories and permissions they absolutely require to do their jobs.
- Monitor for Anomalous Activity: Actively monitor for unusual access patterns, large data exfiltration events, or logins from unrecognized locations or devices.
Ultimately, both of these events underscore a fundamental truth of modern cybersecurity: vigilance is non-negotiable. Whether it’s patching a four-year-old vulnerability or securing a cutting-edge development pipeline, proactive and persistent security measures are the only effective defense against determined adversaries.
Source: https://www.helpnetsecurity.com/2025/10/05/week-in-review-many-cisco-asa-firewalls-still-unsecure-hackers-claim-red-hats-gitlab-breach/
