CISA Adds Three Flaws to Known Exploited Vulnerabilities Catalog

February 11, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild. The flaws, CVE-2015-2291, CVE-2022-24990, and CVE-2023-0669, have been linked to a Scattered Spider attack, North Korean nation-state hackers, and a cybercrime group affiliated with a ransomware operation, respectively.

The most severe of the three flaws is CVE-2022-24990, a bug affecting TerraMaster network-attached storage (TNAS) devices that could lead to unauthenticated remote code execution with the highest privileges. The vulnerability was disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022 and has since been weaponized by North Korean nation-state hackers to launch ransomware attacks against healthcare and critical infrastructure entities.

CVE-2015-2291 is an unspecified flaw in the Intel ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys) that could throw an affected device into a denial-of-service state. CrowdStrike revealed the in-the-wild exploitation of CVE-2015-2291 last month, detailing a Scattered Spider attack that entailed an attempt to plant a malicious version of the vulnerable driver.

The third flaw, CVE-2023-0669, is a remote code injection flaw discovered in Fortra's GoAnywhere MFT managed file transfer application. While patches for the flaw were released recently, the exploitation has been linked to a cybercrime group affiliated with a ransomware operation. Huntress reported observing an infection chain that led to the deployment of TrueBot, a Windows malware attributed to a threat actor known as Silence.

Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by March 3, 2023, to secure their networks against active threats. As the saying goes, "prevention is better than cure".
