On November 17, cybersecurity agencies from the US, UK and Australia issued a joint warning that Iranian hackers are actively exploiting security vulnerabilities in products from companies such as Microsoft and Fortinet.
These agencies say the hackers are sponsored by Iranian state organizations and aim to gain access to vulnerable systems in order to steal data and deploy extortion malware (ransomware).
US, UK and Australia warn of hackers exploiting vulnerabilities in Microsoft and Fortinet products
According to a report from the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Australian Cyber Security Center (ACSC) and the UK’s National Cyber Security Center (NCSC), the hacker group has exploited multiple vulnerabilities in FortiOS, the security software of the US network security equipment and solution company Fortinet, since March 2021, as well as a remote code execution vulnerability affecting Microsoft Exchange servers since October 2021.
Targeted victims include Australian organizations and many organizations across critical US infrastructure sectors such as transport and healthcare.
In addition to exploiting FortiOS vulnerabilities to gain access to vulnerable networks, CISA and the FBI said they observed the hackers abusing a Fortinet FortiGate firewall appliance in May 2021 to gain a foothold on a web server hosting domain names for a US city government.
In June 2021, the advanced persistent threat (APT) actors exploited a FortiGate device to gain access to an environmental control network affiliated with a US-based children’s hospital.
The activity of these hacker groups marks the second time the US government has warned of a persistent threat targeting Fortinet FortiOS servers by exploiting vulnerabilities such as CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591 to compromise government systems and commercial entities.
To mitigate the impact of these attacks, the cybersecurity agencies recommend that organizations immediately patch software affected by the aforementioned vulnerabilities, enforce data backup and restore procedures, perform network segmentation, secure accounts with multi-factor authentication, and patch operating systems, software and firmware as updates are released.
Phan Van Hoa (according to Thehackernews)
The notorious malware Emotet is back
Recently, cybersecurity experts have issued a warning that the infamous Emotet botnet malware has shown signs of returning and is capable of causing worse harm than ever.