A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name.
Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more. Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- iPhone iOS 16.1.1 fixes two security vulnerabilities – time to update
November 10, 2022
Apple has released an update that protects users against two security vulnerabilities that could affect iPhones and iPads. The iOS 16.1.1 and iPadOS 16.1.1 software update comes two weeks after the release of iOS 16.1 for all iPhone and iPad users. The security update protects users against two vulnerabilities CVE-2022-40303 and CVE-2022-40304. Both vulnerabilities have been found ...
- VMware warns of three critical holes in remote-control tool
November 9, 2022
VMware has revealed a terrible trio of critical-rated flaws in Workspace ONE Assist for Windows – a product used by IT and help desk staff to remotely take over and manage employees’ devices. The flaws are all rated 9.8 out of 10 in CVSS severity. A miscreant able to reach a Workspace ONE Assist deployment, either ...
- Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks
November 8, 2022
Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild. Attackers have been chaining the two security flaws to deploy Chinese Chopper web shells on compromised servers for persistence and data theft, as well as for lateral movement in their victims’ networks since at ...
- CISA Adds Seven Known Exploited Vulnerabilities to Catalog
November 8, 2022
CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...
- China is likely stockpiling and deploying vulnerabilities, says Microsoft
November 7, 2022
Microsoft has asserted that China’s offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China’s 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity. The rules mean Beijing can use local research to hoard vulnerability ...
- A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
November 4, 2022
Note: The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date under settings you can check that your device is running SMR Mar-2021 or later. As defenders, in-the-wild exploit samples give us important insight into what attackers ...