CISA Alerts to Active Attacks Exploiting Vulnerabilities Catalog

Kamso Oguejiofor-Abugu, Writer

On Feb. 10, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) posted a message on its website informing the public that it had added three new flaws to its vulnerabilities catalog.

“CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation,” the message read. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”

One of the three vulnerabilities added to the KEV catalog is CVE-2022-24990, a bug that affects TerraMaster network-attached storage (TNAS) devices. According to a joint advisory released by the U.S. and South Korean governments, this vulnerability is said to have been weaponized by North Korean threat actors with the aim of attacking healthcare and other critical infrastructure with ransomware.

The second flaw included in the catalog, CVE-2015-2291, is found in the Intel Ethernet diagnostics driver for Windows (IQVW32.sys and IQVW64.sys). It can put a compromised device into a denial-of-service (DoS) state. According to CrowdStrike, this vulnerability was exploited in a Scattered Spider (aka Roasted 0ktapus or UNC3944) attack that involved planting a malicious version of the driver using a tactic known as Bring Your Own Vulnerable Driver (BYOVD).

The last vulnerability added to the KEV catalog is CVE-2023-0669, a remote code injection issue found in Fortra’s GoAnywhere MFT managed file transfer application. The exploitation of CVE-2023-0669 has been linked to a hacker group, TA505, known for deploying a ransomware operation in the past. According to Bleeping Computer, the e-crime crew admitted to exploiting the vulnerability to steal data stored in the affected servers.

Federal Civilian Executive Branch (FCEB) agencies are required to “remediate identified vulnerabilities” by March 3, 2023. However, CISA also urges other organizations to “reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.”

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.