CSW's Threat Intelligence - March 13, 2023 - March 17, 2023
Posted on Mar 14, 2023 | By Supriya Aluri
This edition brings you early warnings, trending news about cyber threats, and the accurate threat context. Check out which threat group is on the rampage, what vulnerability it could soon weaponize, and more.
Why play catch up when you can fix this now?
Vulnerabilities to Watch Out For
IceFire Ransomware Targets Linux Devices
IceFire ransomware, previously focused on Windows, has released a variant that infects Linux devices. The ransomware gang has already deployed these samples in a number of organizations worldwide. The new variant encrypts files on the Linux system, but not all of them: specific paths remain unencrypted so that critical parts of the system stay operational. IceFire targets CVE-2022-47986, the IBM Aspera vulnerability, to gain initial access. More than 150 Aspera servers are exposed online. Aspera users must fix this vulnerability to avoid falling victim to IceFire ransomware.
CISA Adds CVE-2021-39144 and CVE-2020-5741 to the KEV list
CVE-2021-39144 is a critical VMware XStream flaw that can allow attackers to execute code remotely. It has a CVSS score of 9.8. The bug can be exploited in low-complexity attacks that require no user interaction to execute arbitrary code with root privileges.
A proof of concept is already available publicly and there is evidence that this vulnerability is exploited in the wild.
CVE-2020-5741 is the Plex bug that was exploited in the LastPass breach. It allows attackers with admin privileges to execute arbitrary code remotely in low-complexity attacks that require no user interaction. LastPass was hacked in 2022 through this vulnerability, which was used to install a keylogger.
CISA added both vulnerabilities to the Known Exploited Vulnerabilities (KEV) list on Mar 10, 2023 and requires all federal organizations to patch them by March 31, 2023.
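As an added example (not part of this post or of CSW's platform), the small Python helper below matches a KEV feed excerpt against an inventory of hosts still unpatched and computes how many days remain before the CISA due date. The JSON excerpt is constructed from the dates in this post; the field names follow CISA's public KEV feed, and the product names and host names are assumptions.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. The CVE ids and
# dates come from this post; vendor/product strings are assumptions.
KEV_SAMPLE = json.dumps({
    "catalogVersion": "2023.03.10",
    "vulnerabilities": [
        {"cveID": "CVE-2021-39144", "vendorProject": "VMware",
         "product": "Cloud Foundation", "dateAdded": "2023-03-10",
         "dueDate": "2023-03-31",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2020-5741", "vendorProject": "Plex",
         "product": "Plex Media Server", "dateAdded": "2023-03-10",
         "dueDate": "2023-03-31",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})


def kev_triage(kev_json, inventory, as_of):
    """Join a KEV feed with an inventory of unpatched hosts.

    inventory: {cveID: [hostnames still unpatched]} from a scanner export.
    as_of: ISO date string of the report date.
    Returns a list of findings sorted by urgency (least time left first);
    CVEs in the inventory that are not in KEV are ignored here.
    """
    today = date.fromisoformat(as_of)
    findings = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        hosts = inventory.get(entry["cveID"])
        if not hosts:
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        findings.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "hosts": sorted(hosts),
            "due": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
        })
    findings.sort(key=lambda f: f["days_left"])
    return findings


if __name__ == "__main__":
    # Constructed inventory: hostnames are placeholders.
    inventory = {"CVE-2021-39144": ["vcf-mgmt-01"],
                 "CVE-2020-5741": ["plex-02", "plex-01"]}
    for f in kev_triage(KEV_SAMPLE, inventory, "2023-03-14"):
        print(f)
```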
Vulnerabilities to Watch Out For
Several Vulnerabilities in Jenkins Server
A chain of vulnerabilities in Jenkins Server and Update Center was recently discovered. An attacker can execute arbitrary code in a compromised server by exploiting these vulnerabilities.
Tracked as CVE-2023-27898 and CVE-2023-27905 and collectively called CorePlague, they can also allow attackers to affect self-hosted Jenkins servers.
Jenkins patched these vulnerabilities on Feb 15, 2023 and recommends that users apply the fixes to mitigate the risk.
FortiOS Zero-Day Vulnerability
CVE-2022-41328 is a high-severity vulnerability in FortiOS that is being actively exploited by threat actors. An authenticated attacker can exploit it to read and write arbitrary files by sending crafted CLI commands. Fortinet has patched this vulnerability in FortiOS version 6.4.12 and above.
Threat actors are targeting government networks that run unpatched versions of FortiOS.
Check out this section to track how these threats evolve!
We use our threat intelligence platform driven by Artificial Intelligence (AI) and Machine Learning (ML) models to analyze the vulnerabilities that hackers could potentially exploit. We warn our customers continuously about exposures and prioritize vulnerabilities to facilitate rapid remediation.
Follow our weekly blog and podcast to get proactive alerts on trending threats. Reach out to us if you need help managing your vulnerabilities and exposures.
Leverage our expertise and manage your threats continuously to stay safe from attackers.
Never miss a patch or an update with CSW's Patch Watch Newsletter. Subscribe now!