Security News > 2023 > February > CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active abuse in the wild.
Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.
The second shortcoming to be added to KEV catalog is CVE-2015-2291, an unspecified flaw in the Intel ethernet diagnostics driver for Windows that could throw an affected device into a denial-of-service state.
Lastly, CISA has also added a remote code injection discovered in Fortra's GoAnywhere MFT managed file transfer application to the KEV catalog.
While patches for the flaw were released recently, the exploitation has been linked to a cybercrime group affiliated with a ransomware operation.
Security blog Bleeping Computer reported that the Clop ransomware crew reached out to the publication and claimed to have exploited the flaw to steal data stored in the compromised servers from over 130 companies.
News URL
https://thehackernews.com/2023/02/cisa-warns-of-active-attacks-exploiting.html
Related news
- CISA: Here’s how you can foil DDoS attacks (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)
- Researchers unveil novel attack methods targeting Intel’s conditional branch predictor (source)
- CISA says GitLab account takeover bug is actively exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-09 | CVE-2015-2291 | Improper Input Validation vulnerability in Intel products (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. | 7.2 |