Security News > 2023 > February > CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active abuse in the wild.
Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.
The second shortcoming to be added to KEV catalog is CVE-2015-2291, an unspecified flaw in the Intel ethernet diagnostics driver for Windows that could throw an affected device into a denial-of-service state.
Lastly, CISA has also added a remote code injection discovered in Fortra's GoAnywhere MFT managed file transfer application to the KEV catalog.
While patches for the flaw were released recently, the exploitation has been linked to a cybercrime group affiliated with a ransomware operation.
Security blog Bleeping Computer reported that the Clop ransomware crew reached out to the publication and claimed to have exploited the flaw to steal data stored in the compromised servers from over 130 companies.
News URL
https://thehackernews.com/2023/02/cisa-warns-of-active-attacks-exploiting.html
Related news
- CISA tags SonicWall VPN flaw as actively exploited in attacks (source)
- CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks (source)
- Ivanti patches two zero-days under active attack as intel agency warns customers (source)
- Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks (source)
- CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs (source)
- CISA says SaaS providers in firing line after Commvault zero-day Azure attack (source)
- CISA warns of ConnectWise ScreenConnect bug exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-09 | CVE-2015-2291 | Improper Input Validation vulnerability in Intel products (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. | 7.8 |