A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name.
Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more. Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- An In-Depth Look at ICS Vulnerabilities Part 1
March 30, 2022
Every year, vulnerabilities are discovered and registered to a Common Vulnerabilities and Exposures (CVE) ID by the MITRE Corporation. Each vulnerability’s details are recorded, and specialists also include how to mitigate them under their CVE ID. Vulnerabilities that can affect industrial control system (ICS) environments are identified to the public through advisories by the Industrial ...
- Hackers are getting faster at exploiting zero day flaws. That’s going to be a problem for everyone
March 29, 2022
Hackers were much faster to exploit software bugs in 2021, with the average time to exploitation down from 42 days in 2020 to just 12 days. That marks a 71% decrease in ‘time to known exploitation’ or TTKE, according to security firm Rapid7’s new 2021 Vulnerability Intelligence Report. The main reason for the reduction in TTKE ...
- Sophos patches critical remote code execution vulnerability in Firewall
March 28, 2022
Sophos has patched a remote code execution (RCE) vulnerability in the Firewall product line. Sophos Firewall is an enterprise cybersecurity solution that can adapt to different networks and environments. Firewall includes TLS and encrypted network traffic inspection, deep packet inspection, sandboxing, intrusion prevention systems (IPSs), and visibility features for detecting suspicious and malicious network activity. Read more… Source: ...
- VMware fixes command injection, file upload flaws in Carbon Black security tool
March 23, 2022
VMware has patched two security flaws, an OS command injection vulnerability and a file upload hole, in its Carbon Black App Control security product running on Windows. Both bugs are rated 9.1 out of 10 in terms of CVSS severity. They can be exploited to execute arbitrary commands on the Windows host, such as commands to ...
- CRI-O Security Update for Kubernetes
March 18, 2022
CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers. CISA encourages users and administrators to review the CRI-O Security Advisory and apply the necessary updates or ...
- ISC Releases Security Advisories for BIND
March 17, 2022
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds. CVE-2021-25220 CVE-2022-0396 CVE-2022-0635 CVE-2022-0667 Read more… Source: U.S. Cybersecurity and ...