Firestarter Malware Persists Despite Cisco Firewall Patches
The Firestarter malware, associated with the ArcaneDoor threat actor, has been found to persist in Cisco's Firepower and Secure Firewall devices despite security patches released in September last year. This malware, identified as a Linux binary, embeds itself in the Firepower eXtensible Operating System (FXOS) base layer, surviving device reboots and evading detection. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) have issued alerts, advising organizations to follow emergency directives, including physically disconnecting affected firewalls to disrupt the malware's persistence. 
