
CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

by crpt os


Feb 11, 2023 | Ravie Lakshmanan | Threat Response / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild.

Included among the three is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges.

Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.

The vulnerability, according to a joint advisory released by U.S. and South Korean government authorities, is said to have been weaponized by North Korean nation-state hackers to strike healthcare and critical infrastructure entities with ransomware.

The second flaw added to the KEV catalog is CVE-2015-2291, an unspecified flaw in the Intel ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys) that could throw an affected device into a denial-of-service state.

The exploitation of CVE-2015-2291 in the wild was revealed by CrowdStrike last month, detailing a Scattered Spider (aka Roasted 0ktapus or UNC3944) attack that entailed an attempt to plant a legitimately signed but malicious version of the vulnerable driver using a tactic called Bring Your Own Vulnerable Driver (BYOVD).

The goal, the cybersecurity firm said, was to bypass endpoint security software installed on the compromised host. The attack was ultimately unsuccessful.

The development underscores the growing adoption of the technique by multiple threat actors, namely BlackByte, Earth Longzhi, Lazarus Group, and OldGremlin, to power their intrusions with elevated privileges.

Lastly, CISA has also added a remote code injection discovered in Fortra’s GoAnywhere MFT managed file transfer application (CVE-2023-0669) to the KEV catalog. While patches for the flaw were released recently, the exploitation has been linked to a cybercrime group affiliated with a ransomware operation.

Huntress, in an analysis published earlier this week, said it observed the infection chain leading to the deployment of TrueBot, a Windows malware attributed to a threat actor known as Silence and which shares connections with Evil Corp, a Russian cybercrime crew that exhibits tactical overlaps with TA505.

Because TA505 has facilitated the deployment of Clop ransomware in the past, the attacks are suspected to be a precursor to deploying file-locking malware on targeted systems.

Furthermore, security blog Bleeping Computer reported that the Clop ransomware crew reached out to the publication and claimed to have exploited the flaw to steal data stored in the compromised servers from over 130 companies.

Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by March 3, 2023, to secure the networks against active threats.
