Cisco Systems has started releasing security patches for a critical flaw in Adaptive Security Appliance (ASA) firewalls targeted by an exploit linked to the U.S. National Security Agency. The exploit, dubbed ExtraBacon, is one of the tools used by a group that the security industry calls the Equation, believed to be a cyberespionage team tied to the NSA.
ExtraBacon was released earlier this month [computerworld.com] together with other exploits by one or more individuals who use the name Shadow Brokers. The files were provided as a sample of a larger Equation group toolset the Shadow Brokers outfit has put up for auction.
[...] There is a second Equation exploit in the Shadow Brokers leak that targets ASA software. It is called EpicBanana and exploits a vulnerability that Cisco claims was patched back in 2011 in version 8.4(3). Nevertheless, the company published a new advisory [cisco.com] for the flaw in order to increase its visibility. A third exploit, BenignCertain, affects legacy Cisco PIX firewalls that are no longer supported. Cisco investigated the exploit and said only versions 6.x and earlier of the PIX software are affected. Users who still have such devices on their networks should make sure they're running software versions 7.0 and later, which are not affected.
There is speculation [reuters.com] that the hacks are actually leaks from a "second (third? [soylentnews.org]) Snowden". A linguistic analysis [vice.com] of the "broken English" used by the Shadow Brokers determined that the text was written by someone pretending to not know English.
Previously: "The Shadow Brokers" Claim to Have Hacked NSA [soylentnews.org]
NSA 'Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot [soylentnews.org]