A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name.
Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more. Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability
August 5, 2024
The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. This time, a flaw in the override ...
- Chinese cyber attack sparks alert over six year old MS vuln
August 5, 2024
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft vulnerability dating back to 2018 to its Known Exploited Vulnerabilities (KEV) catalogue after evidence emerged that it is being used in an attack chain by the China-backed APT41 advanced persistent threat group. CVE-2018-0824 was first addressed by Microsoft in the May 2018 Patch ...
- Report finds Apple devices fare the worst when it comes to full takeover risks
August 1, 2024
A worrying number of environments are vulnerable to complete takeover via escalated privileges, a new report from Picus Security has found. Environments were tested in simulated attacks, with the average organization managing to defend against 7 out of 10 attacks, but considering the constant threat presented by organized cybercrime groups, this leaves a serious margin for potential ...
- Identifying a BOLA Vulnerability in Harbor, a Cloud-Native Container Registry
July 31, 2024
In a recent audit of open-source web applications, threat researchers from Unit 42 have identified a broken object-level authorization (BOLA) vulnerability that impacts Harbor versions prior to 2.9.5. Harbor is a widely used cloud-native container registry that plays a role in cloud environments by hosting container images and providing features such as role-based access control (RBAC), ...
- The Proliferation of Cellular in IoT
July 30, 2024
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In this new research, the authors dive deep into the fairly recent uptick in the use of cellular communications in IoT-based devices like GPS trackers ...
- VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
July 30, 2024
On Monday, July 29, Microsoft published an extensive threat intelligence blog on observed exploitation of CVE-2024-37085, an Active Directory integration authentication bypass vulnerability affecting Broadcom VMware ESXi hypervisors. The vulnerability, according to Redmond, was identified in zero-day attacks and has evidently been used by at least half a dozen ransomware operations to obtain full administrative permissions ...