A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name.
Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more. Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware
August 29, 2025
WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.” The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate ...
- How attackers adapt to built-in macOS protection
August 29, 2025
If a system is popular with users, you can bet it’s just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers. With various built-in protection mechanisms, macOS generally provides a pretty much end-to-end security for the end user. This post looks at how ...
- A critical Docker Desktop security flaw puts Windows hosts at risk of attack – patch now
August 26, 2025
Docker has patched a critical severity vulnerability in its Desktop app for Windows and macOS which could have allowed threat actors to fully take over vulnerable hosts, exfiltrate sensitive data, and more. The vulnerability is described as a server-side request forgery (SSRF) and, according to the NVD, it “allows local running Linux containers to access the ...
- All Apple users should update after company patches zero-day vulnerability in all platforms
August 21, 2025
Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability (a vulnerability which Apple was previously unaware of) that is reportedly being used in targeted attacks. Apple has acknowledged reports that attackers may have already used this flaw in a highly sophisticated operation aimed at specific, high‑value targets. But history teaches ...
- Commvault Releases Security Updates to Address Multiple Vulnerabilities
August 21, 2025
Commvault has released security advisories to address 4 vulnerabilities in Commvault Windows and Linux. Security researchers have demonstrated the ability for these vulnerabilities to be chained together by an unauthenticated remote attacker to perform remote code execution on the Commvault server. CVE-2025-57788 – Unauthorized API Access Risk CVSSv4 6.9 CVE-2025-57789 – Vulnerability in Initial Administrator Login Process CVSSv4 ...
- FBI: Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure
August 20, 2025
The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service’s (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running ...