CISA and FBI Warn About Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two newly exploited vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. Both flaws are under active attack, putting systems at risk.

  • CVE-2024-20767 (CVSS score: 7.4): This Adobe ColdFusion flaw lets attackers access restricted files via an exposed admin panel. Adobe patched it in March 2024.
  • CVE-2024-35250 (CVSS score: 7.8): A Microsoft Windows Kernel-Mode Driver flaw allows local attackers to escalate privileges. Microsoft fixed it in June 2024. Researchers identified the vulnerability in the Microsoft Kernel Streaming Service (MSKSSRV).

Although the details of these exploits remain limited, proof-of-concept exploits for both are publicly available. CISA urges Federal Civilian Executive Branch (FCEB) agencies to patch these vulnerabilities by January 6, 2025, to protect their networks.

The FBI also warned about an expanding HiatusRAT campaign. This attack targets IoT devices, including cameras and routers from several brands, in the U.S., Australia, Canada, New Zealand, and the U.K. The attackers exploit vulnerabilities like CVE-2017-7921 and others, often paired with weak passwords. They use tools such as Ingram and Medusa for scanning devices and performing brute-force attacks.

Researchers noted another campaign targeting over 20,000 DrayTek routers. This attack used a zero-day flaw to deploy ransomware between August and September 2023. Threat groups coordinated efforts, including Monstrous Mantis for initial access and Ruthless Mantis for credential harvesting. Another actor, LARVA-15, sold access gained during the campaign.

The attack involved a sophisticated workflow, leading to network infiltration, data theft, and ransomware deployment. The malware included RagnarLocker, Nokoyawa, and Qilin, among others. Weak security practices by vendors, like inadequate code reviews, contributed to the success of these campaigns.

To reduce risks, apply security updates immediately. Use strong, unique passwords for all devices. Monitor network activity for unusual behavior, and implement advanced detection tools. Regularly review device settings and restrict unnecessary admin access. Organizations should prioritize thorough code reviews and patch management to prevent future exploits.

Leave a Comment

Your email address will not be published. Required fields are marked *