""The imminent threat of exploitation to agency information systems running EOS edge devices is substantial and constant, resulting in a significant threat to federal property. CISA is aware of widespread exploitation campaigns by advanced threat actors targeting EOS edge devices,""
""We're encouraging other organizations to follow our lead and adopt similar actions to strengthen the security of their edge devices. Put simply, unsupported devices should never remain on enterprise networks,""
CISA detected widespread exploitation of unsupported, internet-facing edge devices by advanced threat actors and issued a binding operational directive requiring federal agencies to remove and replace outdated equipment. The directive targets edge devices that often remain in service after vendors stop issuing security updates, increasing the risk of exploitation. CISA described the imminent threat as substantial and constant and noted campaigns by advanced threat actors, some with ties to nation-state adversaries. Agencies have three months to identify unsupported edge devices, one year to begin removing them, and 18 months to eliminate them, followed by continuous monitoring. Agencies must immediately update any vendor-supported devices.
Read at Nextgov.com
Unable to calculate read time
Collection
[
|
...
]