A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency’s name.
Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more. Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- France bans ministers from WhatsApp, Signal; demands French alternatives
November 30, 2023
French Prime Minister Élisabeth Borne has banned widely used messaging apps WhatsApp, Telegram and Signal for ministers and their teams due to security vulnerabilities, according to a memo obtained by French news outlet Le Point. “These digital tools are not devoid of security flaws, and therefore cannot guarantee the security of conversations and information shared via ...
- ownCloud vulnerability can be used to extract admin passwords
November 28, 2023
ownCloud has warned users about three critical security flaws in its file-sharing software which, if exploited, could reveal sensitive information and modify files. An especially and potentially impactful one is a vulnerability that could lead to disclosure of sensitive credentials and configuration in containerized deployments. ownCloud is a very widely used open-source project that allows users ...
- GoTitan Botnet – Ongoing Exploitation on Apache ActiveMQ
November 28, 2023
This past October, Apache issued a critical advisory addressing CVE-2023-46604, a vulnerability involving the deserialization of untrusted data in Apache. On November 2, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-46604 to its known exploited list, KEV Catalog, indicating this vulnerability’s high risk and impact. Fortiguard Labs also released an outbreak alert and a threat ...
- Cisco aids Ukraine in cyber defense with modified switches to counter Russian attacks
November 23, 2023
Cisco has proactively shipped modified switches to Ukrenergo, the state-owned electricity grid operator in Ukraine, to bolster its defenses against Russian cyberattacks targeting energy infrastructure. These attacks have included the use of GPS-jamming tactics, which disrupt the high-voltage energy subsystems crucial for power distribution and damage assessment. The reliance of Ukraine’s substations on GPS for time ...
- How to stop fake System notifications on macOS
November 21, 2023
Scammers are abusing an Apple feature that allows websites to create push notifications that look like they’re coming from macOS, or apps. The notifications try to scare users into clicking a link with fake virus alerts or messages saying their account has been hacked. Years ago Malwarebytes Labs warned our readers about the introduction of browser ...
- SysAid path traversal vulnerability
November 21, 2023
SonicWall Capture Labs Threat Research Team became aware of the SysAid path traversal vulnerability, assessed its impact and developed mitigation measures for the vulnerability. On November 8, 2023, SysAid, an IT service management company, disclosed CVE-2023-47426, which is a zero-day path traversal vulnerability carrying a CVSS 9.8 score and affecting on-premise SysAid servers running version < ...