CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active abuse in the wild.
Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.
The second shortcoming to be added to the KEV catalog is CVE-2015-2291, an unspecified flaw in the Intel Ethernet diagnostics driver for Windows that could throw an affected device into a denial-of-service state.
Lastly, CISA has also added a remote code injection discovered in Fortra's GoAnywhere MFT managed file transfer application to the KEV catalog.
While patches for the flaw were released recently, the exploitation has been linked to a cybercrime group affiliated with a ransomware operation.
Security blog Bleeping Computer reported that the Clop ransomware crew reached out to the publication and claimed to have exploited the flaw to steal data stored on the compromised servers of over 130 companies.
News URL
https://thehackernews.com/2023/02/cisa-warns-of-active-attacks-exploiting.html
Related news
- CISA says critical Fortinet RCE flaw now exploited in attacks
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
- Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)
- CISA warns of critical Palo Alto Networks bug exploited in attacks
- Critical bug in EoL D-Link NAS devices now exploited in attacks
- CISA warns of more Palo Alto Networks bugs exploited in attacks
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
- Apple fixes two zero-days used in attacks on Intel-based Macs
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-09 | CVE-2015-2291 | Improper Input Validation vulnerability in Intel products (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. | 7.8 |