Hackers exploiting new Microsoft, Oracle, Apple bugs: US agency

San Francisco: The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are actively exploiting new vulnerabilities coming from top tech companies like Microsoft, Oracle, Apache and Apple, among others.

The national cyber-security agency listed 15 vulnerabilities based on evidence that threat actors are actively exploiting them.

These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

One of the vulnerabilities, a Microsoft Windows SAM local privilege escalation vulnerability, has a remediation date of February 24.

“The catalog is a living list of known CVEs that carry significant risk to the federal enterprise. It requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats,” said the CISA.

The CISA strongly urged all organisations to reduce their exposure to cyberattacks by prioritising timely remediation of vulnerabilities as part of their vulnerability management practice.

“CISA will continue to add vulnerabilities to the catalog that meet the meet the specified criteria,” it added.

Meanwhile, the agency said that in 2021, cybersecurity authorities in the US, Australia and the UK observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 US critical infrastructure sectors.

“Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organisations globally,” it warned.

The market for ransomware became increasingly “professional” in 2021, and the criminal business model of ransomware is now well established.

In addition to their increased use of ransomware-as-a-service (RaaS), ransomware threat actors employed independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals.