The Cybersecurity and Infrastructure Security Agency (CISA) has updated its vulnerability database with three new entries - Fortra's GoAnywhere MFT, TerraMaster NAS, and Intel Ethernet diagnostics driver flaws.
These vulnerabilities are all currently known to be exploited in the wild and can pose a significant risk to cybersecurity. CISA uses a catalog of known vulnerabilities to identify new ones, making it easier for organizations to stay up-to-date on the most pressing threats.
CISA is responsible for coordinating cybersecurity programs and improving the government's defenses against hackers. The agency plays a crucial role in protecting both public and private entities from cyber attacks.
The Fortra GoAnywhere MFT is a storage device used to provide backup of data stored on your computer's hard drive, as well as remote access to files and folders. Fortra warned users about a zero-day remote code injection exploit on February 6th that was patched in version 7.1.2. Meanwhile, TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password, tracked as CVE-2022-24990.
The Intel Ethernet diagnostics driver flaw can be exploited by attackers to cause a denial of service or execute arbitrary code in kernel space. The vulnerability has a CVSS rating of 7.8 and is tracked as CVE-2015-2291. The vendors recommend installing the latest update for both the NAS and the Intel vulnerability.
Overall, it is important for organizations to stay up-to-date on the latest vulnerabilities and take necessary steps to mitigate their impact. Being proactive in cybersecurity measures can help prevent devastating consequences from cyber attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability in VMware Cloud Foundation to its list of exploited vulnerabilities. The flaw, tracked as CVE-2021-39144, lies in the XStream open source library that is widely used in VMware products, and it has a severity rating of 9.8 out of 10.
Because of this vulnerability, attackers can remotely execute arbitrary code on unpatched devices without user intervention. VMware has released fixes for this issue, including for some end-of-life products, because of the severity of the problem.
After VMware confirmed that the vulnerability was being exploited, CISA added it to its known exploitable vulnerabilities catalog, ordering US federal agencies to protect their systems by March 31, 2022. Although the operational directive only applies to US federal agencies, CISA encourages all organizations to protect their servers from attacks by patching this flaw.
The cyber-security company Wallarm reported exploitation of CVE-2021-39144 just a few weeks after the release of security updates, with over 40,000 exploits recorded since then. Such vulnerabilities are frequent attack vectors and pose a significant risk to the enterprise. To stay protected, Startpack suggests using antivirus products that can protect your IT assets from malware. The product works efficiently and allows you to manage passwords, deploy anti-spam systems, and back up data.
CISA's updated vulnerability catalog not only provides information about vulnerabilities but also includes details about any known exploits. This highlights the specific risks associated with each vulnerability and helps organizations understand the potential impact if they fail to address them.
The catalog contains information about the techniques and methods used by threat actors to exploit these vulnerabilities. For each vulnerability, CISA provides details on how it can be exploited, including the steps involved in executing an attack and the potential consequences. This information is crucial for organizations to assess their own vulnerabilities and take appropriate measures to mitigate the risks.
By understanding the specific exploits associated with each vulnerability, organizations can better prioritize their security efforts. They can focus on critical vulnerabilities that are actively being exploited or those that pose significant risks to their systems and data.
Additionally, CISA's vulnerability catalog may include information about any available patches or mitigations for each vulnerability. This helps organizations identify the necessary steps to remediate the vulnerabilities and protect their assets. It emphasizes the importance of applying patches and updates promptly to ensure the security of systems and networks.
CISA, which stands for the Cybersecurity and Infrastructure Security Agency, regularly updates its vulnerability catalog to keep organizations informed about the latest cybersecurity risks. The catalog provides a comprehensive list of vulnerabilities across various technology domains, including software, hardware, and networking infrastructure.
The catalog includes detailed information about each vulnerability, such as its Common Vulnerability Scoring System (CVSS) score, which indicates the severity and potential impact of the vulnerability. This helps organizations prioritize their mitigation efforts based on the level of risk associated with each vulnerability.
Moreover, CISA's vulnerability catalog often reveals vulnerabilities that have been actively exploited by threat actors. By highlighting these exploited risks, CISA aims to draw attention to the urgency of addressing these vulnerabilities. It serves as a reminder that if left unpatched or unmitigated, these vulnerabilities can be exploited by cybercriminals to carry out malicious activities such as data breaches, system compromises, or unauthorized access.
CISA also provides guidance on how organizations can mitigate the risks associated with these vulnerabilities. This can include steps like applying patches, implementing security controls, conducting system updates, or utilizing network protections.
By regularly consulting CISA's vulnerability catalog and taking appropriate action to mitigate the identified risks, organizations can enhance their cybersecurity posture and reduce the likelihood of falling victim to attacks.
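As an added example (not CISA's or any vendor's code), the sketch below checks an asset inventory against the version thresholds this article states (GoAnywhere MFT fixed in 7.1.2, TerraMaster NAS 4.2.29 and earlier) and orders the findings by catalog due date. The inventory, host names, due dates, the placeholder CVE ID and the `RULES` table are constructed for illustration.

```python
from datetime import date

# Thresholds as stated in the article; None = the article gives no version.
RULES = {
    "GoAnywhere MFT": ("fixed_in", "7.1.2"),         # patched in 7.1.2
    "TerraMaster NAS": ("last_affected", "4.2.29"),  # 4.2.29 and earlier
    "Intel Ethernet diagnostics driver": None,
}
# Constructed catalog records (cveID/product/dueDate follow CISA's KEV JSON feed).
# dueDate values are invented; the article gives no CVE ID for GoAnywhere.
KEV = [
    {"cveID": "CVE-XXXX-XXXXX", "product": "GoAnywhere MFT", "dueDate": "2030-03-03"},
    {"cveID": "CVE-2022-24990", "product": "TerraMaster NAS", "dueDate": "2030-03-01"},
    {"cveID": "CVE-2015-2291", "product": "Intel Ethernet diagnostics driver", "dueDate": "2030-03-03"},
]
# Constructed inventory: (host, product, installed version).
INVENTORY = [
    ("mft-01", "GoAnywhere MFT", "7.1.1"),
    ("mft-02", "GoAnywhere MFT", "7.1.2"),
    ("nas-01", "TerraMaster NAS", "4.2.29"),
    ("nas-02", "TerraMaster NAS", "4.2.30"),
    ("nas-03", "TerraMaster NAS", "4.2.9"),  # a string compare would rank this above 4.2.29
    ("ws-17", "Intel Ethernet diagnostics driver", "1.0.0"),
]
TODAY = date(2030, 3, 2)  # constructed "current date" for the sample run

def parse_version(text):
    return tuple(int(p) for p in text.split("."))  # '4.2.29' -> (4, 2, 29)

def status(product, version):
    if product not in RULES:
        return "not-listed"
    if RULES[product] is None:
        return "review"  # listed, but no version bound to test against
    kind, bound = RULES[product]
    v, b = parse_version(version), parse_version(bound)
    return "affected" if (v < b if kind == "fixed_in" else v <= b) else "ok"

def triage(inventory, kev, today):
    by_product = {e["product"]: e for e in kev}
    findings = []
    for host, product, version in inventory:
        state = status(product, version)
        if state in ("affected", "review"):
            entry = by_product[product]
            due = date.fromisoformat(entry["dueDate"])
            findings.append({"host": host, "cve": entry["cveID"], "status": state, "due": due, "overdue": today > due})
    # Overdue first, then earliest due date, confirmed-affected before manual review.
    findings.sort(key=lambda f: (not f["overdue"], f["due"], f["status"] != "affected"))
    return findings
```

Calling `triage(INVENTORY, KEV, TODAY)` returns the hosts to patch in priority order; hosts marked `review` need a manual version check because the article gives no fixed version for that product.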
Overall, CISA's vulnerability catalog plays a vital role in helping organizations understand the exploited risks they face, prioritize their security efforts, and take proactive measures to protect their systems, networks, and data.
Fortra's RCE zero-day (7.1.2 fix) is low-hanging fruit for any script kiddie with a Kali box, TerraMaster NAS (CVE-2022-24990) hands over admin creds on a silver platter, and Intel's driver flaw (CVE-2015-2291) is a kernel-level free-for-all.
CISA's catalog is spoon-feeding you the intel, yet I bet half of you are still running outdated junk, begging to get pwned. Patch now, or I'll find these holes in your next red team gig and own your entire domain.