A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name.
Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more. Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CERT NZ Alert: Log4j RCE 0-day actively exploited
December 10, 2021
The ubiquitous java logging library, log4j, has an unauthenticated RCE vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server. Reports from online users show that this is being actively exploited in the wild and that proof-of-concept code has been published. This includes many applications and services written in ...
- Hundreds of thousands of MikroTik devices still vulnerable to botnets
December 9, 2021
Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. MikroTik is a Latvian manufacturer of routers and wireless ISPs who has sold over 2,000,000 devices globally. In August, the Mēris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS ...
- Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products
December 8, 2021
On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases. For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section of the Apache HTTP Server 2.4 vulnerabilities webpage. This advisory will be updated as additional information becomes available. Read more… Source: CISCO
- SonicWall ‘strongly urges’ customers to patch critical SMA 100 bugs
December 8, 2021
SonicWall ‘strongly urges’ organizations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical. The bugs (reported by Rapid7’s Jake Baines and NCC Group’s Richard Warren) impact SMA 200, 210, 400, 410, and 500v appliances even when the web application firewall (WAF) is enabled. The ...
- Two Birds With One Stone: An Introduction To V8 And JIT Exploitation
December 7, 2021
In this special blog series, ZDI Vulnerability Researcher Hossein Lotfi looks at the exploitation of V8 – Google’s open-source high-performance JavaScript and WebAssembly engine – through the lens of a bug used during Pwn2Own Vancouver 2021. The contest submission from Bruno Keith and Niklas Baumstark exploited both Google Chrome and Microsoft Edge (Chromium) with the ...
- Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
December 3, 2021
Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to Apache HTTP Server Project, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this vulnerability is exploited, it allows attackers to map URLs to files outside the directories configured by Alias-like directives. Under certain configurations where Common ...