CISA warns of active attacks using GoAnywhere MFT vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) on February 10 added three new entries to its Known Exploited Vulnerabilities catalog, all actively exploited in the wild (ITW).

CVE-2022-24990 - a vulnerability affecting TerraMaster network-attached storage (NAS) devices. It can lead to unauthenticated remote code execution with the highest privileges. Details of the vulnerability were disclosed by Octagon Networks.

According to a joint advisory published by government authorities of the United States and South Korea, CVE-2022-24990 was used by North Korean state-backed hackers to attack healthcare facilities and critical infrastructure using ransomware.

CVE-2015-2291 - a vulnerability in the Intel Ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys). It can cause a denial of service on a vulnerable device.

Last month, CrowdStrike revealed the use of CVE-2015-2291 in the wild, describing in detail an attack by Scattered Spider that involved an attempt to plant a legitimately signed but malicious version of the vulnerable driver using a Bring Your Own Vulnerable Driver (BYOVD) attack. According to CrowdStrike, the goal was to bypass antivirus software installed on a compromised host. In the end, the attack was unsuccessful. Exploitation of CVE-2015-2291 has also been repeatedly observed from BlackByte, Earth Longzhi, Lazarus Group and OldGremlin.

CVE-2023-0669 - a remote code execution vulnerability found in the Fortra GoAnywhere MFT application. Although a patch has already been released to fix the vulnerability, cybercriminals have already managed to profit from it with the help of ransomware.

A report published by Huntress on February 8 states that researchers discovered an infection chain leading to the deployment of TrueBot, Windows malware attributed to the Silence hacker group, which has ties to Evil Corp.

US Federal Civilian Executive Branch (FCEB) agencies are required to apply all fixes by March 3, 2023 to protect their networks from active threats.

/Media reports cited above.