U.S. Agencies Warn About New Vulnerabilities and Expanding Cyber Campaigns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued alerts concerning new vulnerabilities being actively exploited by cyber attackers and expanding cyber campaigns targeting a range of devices and systems. These combined efforts by the two agencies highlight the complexity and evolving nature of cybersecurity threats that affect various sectors, from government entities to private enterprises. With this announcement, both agencies aim to alert IT professionals, security experts, and the general public about the imminent risks associated with these newly identified vulnerabilities and the necessity for prompt action.

CISA has added two new security flaws, identified as CVE-2024-20767 and CVE-2024-35250, to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. CVE-2024-20767 impacts Adobe ColdFusion and poses a significant risk by allowing attackers to access or modify restricted files via an internet-exposed admin panel. Meanwhile, CVE-2024-35250 affects the Microsoft Windows Kernel-Mode Driver, granting local attackers the capability to escalate privileges. Both vulnerabilities have available patches, and CISA strongly recommends that federal civilian executive branch (FCEB) agencies remediate these flaws by January 6, 2025, to prevent potential exploitation.

Expanding HiatusRAT Campaigns: A Broader Threat Landscape

In addition to CISA’s warnings, the FBI has also raised alerts about the expansion of HiatusRAT campaigns targeting Internet of Things (IoT) devices, particularly web cameras and DVRs manufactured by companies such as Hikvision, D-Link, and Dahua. These cyber campaigns have spread to several countries, including the United States, Australia, Canada, New Zealand, and the United Kingdom. The attackers exploit a series of vulnerabilities, including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260, as well as weaknesses in vendor-supplied passwords, to gain unauthorized access and launch their attacks.

The FBI’s alert signifies the growing sophistication of cyber attackers who are leveraging these vulnerabilities to infiltrate IoT devices. By exploiting these weaknesses, attackers can gain control over highly sensitive devices and systems, allowing them to perform activities such as spying, capturing sensitive information, or launching further attacks from compromised devices. As these campaigns continue to expand, the need for stringent security measures, including the regular updating of firmware and the use of strong, unique passwords, becomes more critical to prevent these types of penetrations.

Analyzing Ransomware Campaigns and DrayTek Router Vulnerabilities

Further troubling findings come from cybersecurity firms Forescout Vedere Labs and PRODAFT, which shed light on ransomware campaigns exploiting vulnerabilities in DrayTek routers. Between August and September 2023, over 20,000 DrayTek Vigor devices were targeted using a suspected zero-day vulnerability. These attacks were executed by three distinct groups known as Monstrous Mantis, Ruthless Mantis, and LARVA-15, with Monstrous Mantis initially exploiting the vulnerability and subsequently sharing access with its partners.

The attacks involved highly sophisticated workflows that eventually led to the deployment of multiple ransomware families, including RagnarLocker, Nokoyawa, RansomHouse, and Qilin. Ruthless Mantis alone reportedly compromised at least 337 organizations, predominantly in the United Kingdom and the Netherlands. The revelation of these collaborative attacks emphasizes the increasing complexity of cyber threats and the necessity for organizations to adopt a proactive stance in their cybersecurity practices to mitigate potential damages.

Addressing and Mitigating Vulnerabilities in the Cybersecurity Landscape

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently issued alerts about new vulnerabilities being actively exploited by cyber attackers who are broadening their targets. These joint alerts from the two agencies underscore the complex and ever-changing nature of cybersecurity threats impacting diverse sectors, including both government bodies and private companies. This announcement aims to inform IT professionals, security specialists, and the general public of the pressing dangers posed by these newly discovered vulnerabilities and the need for immediate action.

CISA has added two new security flaws, CVE-2024-20767 and CVE-2024-35250, to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploits. CVE-2024-20767 is a critical flaw in Adobe ColdFusion that permits attackers to access or alter restricted files via an internet-exposed admin panel. CVE-2024-35250 impacts the Microsoft Windows Kernel-Mode Driver, enabling local attackers to elevate their privileges. Both security issues have patches available, and CISA strongly advises all federal civilian executive branch (FCEB) agencies to address these flaws by January 6, 2025, to prevent possible exploitation.

Explore more

Vivo X Fold 6 – Review

The arrival of the Vivo X Fold 6 marks a pivotal moment where foldable devices transcend their status as fragile novelties to become the primary choice for power users. This transition represents a significant advancement in the mobile sector, pushing the boundaries of what a single handset can accomplish. By merging a book-style form factor with the raw performance of

Oppo Reno16 Series – Review

The modern smartphone market has reached a peculiar crossroads where the distinction between mid-range utility and flagship luxury is no longer defined by features but by the audacity of a manufacturer’s pricing strategy. Traditional product cycles often prioritize incremental updates, but this latest iteration signals a departure from conservative engineering. By integrating components usually reserved for the highest echelon of

AI Adoption Fails Without Proper Workforce Readiness

Ling-yi Tsai is a formidable force in the HRTech sector, possessing decades of experience guiding global organizations through the complex labyrinth of digital evolution. Her mastery of HR analytics and her tactical approach to integrating technology across recruitment and talent management have made her a sought-after advisor for companies looking to bridge the gap between human potential and machine efficiency.

The Human Infrastructure Powering Artificial Intelligence

The seamless flicker of a chatbot’s reply or the effortless lane change of a driverless vehicle often masks a vast, invisible network of human cognitive labor that makes such digital grace possible. While the marketing of advanced technology frequently paints a picture of silicon brains evolving in isolation, the underlying reality is a global assembly line of human intelligence. Every

Bruce Clay Leaves a Lasting Legacy as the Father of SEO

The Architect of an Industry and the Importance of Digital Frameworks The digital landscape we navigate today was not born out of thin air but was meticulously shaped by a few visionary thinkers who saw the potential of the internet long before it became a global marketplace. Among these pioneers, Bruce Clay stood as a singular figure whose influence spanned