On Feb. 10, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) posted a message on its website informing the public that three new flaws had been added to its catalog of exploited vulnerabilities.
“CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation,” the message read. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
One of the three vulnerabilities added to the KEV catalog is CVE-2022-24990, a vulnerability in TerraMaster network-attached storage (TNAS) devices. According to a joint advisory released by the U.S. and South Korean governments, this vulnerability has been weaponized by North Korean threat actors to attack healthcare and other critical infrastructure with ransomware.
The second flaw included in the catalog is found in the Intel Ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys) and is tracked as CVE-2015-2291. It can put a compromised device into a denial-of-service (DoS) state. According to CrowdStrike, this vulnerability was exploited in a Scattered Spider (aka Roasted 0ktapus or UNC3944) attack that involved planting a malicious version of the driver, a tactic known as Bring Your Own Vulnerable Driver (BYOVD).
The last vulnerability added to the KEV catalog is CVE-2023-0669, a remote code injection issue in Fortra’s GoAnywhere MFT managed file transfer application. Exploitation of CVE-2023-0669 has been linked to TA505, a hacker group known for running ransomware operations in the past. According to Bleeping Computer, the e-crime crew admitted to exploiting the vulnerability to steal data stored on the affected servers.
Federal Civilian Executive Branch (FCEB) agencies are required to “remediate identified vulnerabilities” by March 3, 2023. However, CISA also urges other organizations to “reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.”
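The remediation practice CISA describes above amounts to a recurring check: which assets in your own inventory carry a KEV-listed CVE, and how long is left before the catalog's due date. The script below is an added example, not code from CISA or from the article, and it works over a constructed snippet shaped like the public KEV JSON feed (field names `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `requiredAction` are assumed from that feed); the CVE numbers and the March 3, 2023 due date come from the article, while the host names, product strings and the placeholder CVE-2099-0001 are constructed.

```python
"""Cross-reference an asset inventory against CISA KEV catalog entries.

Added example: the feed snippet and the inventory are constructed sample data,
not a live download. Field names follow the public KEV JSON feed (assumption).
"""
import json
from datetime import date

# Constructed sample in the shape of the KEV feed: a top-level object with a
# "vulnerabilities" array. The three CVEs and the due date are from the article;
# product strings and requiredAction text are constructed for this example.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2022-24990", "vendorProject": "TerraMaster",
         "product": "TNAS", "dateAdded": "2023-02-10", "dueDate": "2023-03-03",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2015-2291", "vendorProject": "Intel",
         "product": "Ethernet diagnostics driver (IQVW32.sys/IQVW64.sys)",
         "dateAdded": "2023-02-10", "dueDate": "2023-03-03",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2023-0669", "vendorProject": "Fortra",
         "product": "GoAnywhere MFT", "dateAdded": "2023-02-10",
         "dueDate": "2023-03-03",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed asset inventory: each asset lists the CVEs its installed software
# is affected by (as reported by a scanner) and which of them are already patched.
# CVE-2099-0001 is a placeholder for a finding that is NOT in the KEV catalog.
SAMPLE_INVENTORY = [
    {"host": "nas-01", "cves": ["CVE-2022-24990"], "patched": []},
    {"host": "mft-gw", "cves": ["CVE-2023-0669"], "patched": ["CVE-2023-0669"]},
    {"host": "win-lab-07", "cves": ["CVE-2015-2291", "CVE-2099-0001"], "patched": []},
]


def load_kev(feed_text):
    """Parse a KEV-shaped JSON document into a dict keyed by CVE id."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def kev_exposure(inventory, kev, today):
    """Return unpatched inventory findings that appear in the KEV catalog.

    Each finding carries the catalog due date, days remaining relative to
    `today`, and an overdue flag, sorted so the earliest deadline comes first.
    """
    findings = []
    for asset in inventory:
        patched = set(asset.get("patched", []))
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None or cve in patched:
                continue  # not catalog-listed, or already remediated
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due.isoformat(),
                "days_left": (due - today).days,
                "overdue": today > due,
                "action": entry["requiredAction"],
            })
    findings.sort(key=lambda f: (f["due"], f["host"]))
    return findings


def report(inventory, kev, today):
    """Render findings as one line per exposed asset."""
    lines = []
    for f in kev_exposure(inventory, kev, today):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']} days left"
        lines.append(f"{f['host']}: {f['cve']} ({f['product']}) due {f['due']} [{status}]")
    return lines


if __name__ == "__main__":
    catalog = load_kev(SAMPLE_KEV_JSON)
    for line in report(SAMPLE_INVENTORY, catalog, date(2023, 2, 20)):
        print(line)
```

Run against a real feed, `load_kev` would take the downloaded catalog text and the inventory would come from your scanner export; the patched list is what keeps already-remediated hosts out of the report, so it has to reflect verified patch state rather than a ticket being opened.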