The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to the public, adding three newly discovered security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
The move follows evidence suggesting that these flaws are being actively abused in the wild.
Among the three is CVE-2022-24990, a serious bug found in TerraMaster network-attached storage (TNAS) devices that could allow unauthenticated remote code execution with the highest privileges.
This vulnerability was disclosed by Ethiopian cybersecurity research firm Octagon Networks in March 2022 and has been weaponized by North Korean nation-state hackers to launch ransomware attacks on healthcare and critical infrastructure entities.
The second vulnerability added to KEV is CVE-2015-2291, a flaw in the Intel Ethernet Diagnostics Driver for Windows that could lead to a denial-of-service state. CrowdStrike reported that this vulnerability is being actively exploited in the wild by multiple threat actors, including BlackByte, Earth Longzhi, Lazarus Group, and OldGremlin.
Finally, CISA has also added a remote code injection flaw in Fortra’s GoAnywhere MFT managed file transfer application (CVE-2023-0669) to the KEV catalog.
Although patches for this flaw have been released, its exploitation has been linked to a cybercrime group affiliated with a ransomware operation, and is seen as a precursor to a file-locking malware attack on targeted systems.
It is imperative that Federal Civilian Executive Branch (FCEB) agencies take immediate action and apply the necessary fixes by March 3, 2023, to secure their networks against these active threats. Failure to do so could result in devastating consequences for both the organizations and their users.