
The Cyber Security News


CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

February 11, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild.

Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges.

Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.


The vulnerability, according to a joint advisory released by U.S. and South Korean authorities, is said to have been weaponized by North Korean nation-state hackers to strike healthcare and critical infrastructure entities with ransomware.

The next shortcoming to be added to the KEV catalog is CVE-2015-2291, an unspecified flaw in the Intel ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys) that could throw an affected device into a denial-of-service state.

The exploitation of CVE-2015-2291 in the wild was disclosed by CrowdStrike last month, detailing a Scattered Spider (aka Roasted 0ktapus or UNC3944) attack that entailed an attempt to plant a legitimately signed but malicious version of the vulnerable driver using a tactic known as Bring Your Own Vulnerable Driver (BYOVD).

The goal, the cybersecurity firm said, was to bypass endpoint security software installed on the compromised host. The attack was ultimately unsuccessful.

The development underscores the growing adoption of the technique by multiple threat actors, namely BlackByte, Earth Longzhi, Lazarus Group, and OldGremlin, to power their intrusions with elevated privileges.

Lastly, CISA has also added a remote code injection discovered in Fortra’s GoAnywhere MFT managed file transfer application (CVE-2023-0669) to the KEV catalog. While patches for the flaw have been released recently, the exploitation has been linked to a cybercrime group affiliated with a ransomware operation.

Huntress, in an analysis published earlier this week, said it observed the infection chain leading to the deployment of TrueBot, a Windows malware attributed to a threat actor known as Silence and which shares connections with Evil Corp, a Russian cybercrime crew that exhibits tactical overlaps with TA505.

With TA505 facilitating the deployment of Clop ransomware in the past, it’s being suspected that the attacks are a precursor to deploying file-locking malware on targeted systems.

Also, security site Bleeping Computer reported that the Clop ransomware crew reached out to the publication and claimed to have exploited the flaw to steal data stored in the compromised servers from over 130 companies.

Federal Civilian Executive Branch (FCEB) agencies are expected to apply the fixes by March 3, 2023, to secure the networks against active threats.


Some parts of this article are sourced from:
thehackernews.com
