US government agencies told to patch these critical security flaws or face attack

CISA adds CVE-2023-28461 to its Known Exploited Vulnerabilities catalog
Federal agencies have until December 16 to patch up
The bug is being abused by a Chinese group known as Earth Kasha

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new critical vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning federal agencies they have a three-week deadline to apply the available patch, or stop using the affected software altogether.

The agency added a missing authentication vulnerability to KEV tracked under CVE-2023-28461, which has a severity score of 9.8, and allows crooks to execute arbitrary code on remote devices.

It was discovered in Array Networks AG and vxAG secure access gateways, and was fixed in March 2023, with the first clean version of the software being version 9.4.0.484.

Earth Kasha

“Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication,” Array Networks said at the time. “The product can be exploited through a vulnerable URL.”

Federal organizations have until December 16 to patch the software.

CISA did not detail the attacks, but Trend Micro claims a threat actor known as Earth Kasha was using it.

This Chinese group, also known as MirrorFace, was apparently abusing Array AG, ProSelf, and FortiNet for initial access. The group mostly targets victims in Japan, although it was observed going after organizations in Taiwan, India, and Europe. Going after US-based targets is not that common, it would seem.

Earth Kasha seems to be tied to the APT10 advanced persistent threat. The group primarily focuses on sectors like government, technology, and academia, and deploys malware such as LODEINFO, NOOPDOOR, and MirrorStealer to steal credentials, maintain persistence, and exfiltrate sensitive data. Their campaigns often involve credential dumping, DLL side-loading, and encrypted payloads.

Via The Hacker News

https://cdn.mos.cms.futurecdn.net/exjZtnyH8bykMKrG4TDthC-1200-80.jpg

Source link

Chinese military bolt-on rackmount that can house up to 8 AI servers grabs iF Design Award

Microsoft uncovers sleuthy new XCSSET MacOS malware campaign

There’s a huge MacBook Air sale right now – shop record-low prices from $629.99

PC case sizes explained: all form factors available in 2025

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

The IRS just demoted its chief counsel who clashed with Elon Musk’s DOGE: report

Bitcoin price today: slips to $80K as tariffs tensions sour risk sentiment

UN experts accuse Israel of genocidal acts and sexual violence in Gaza

Worried about microplastics? 5 ways to reduce your exposure

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

US government agencies told to patch these critical security flaws or face attack

The IRS just demoted its chief counsel who clashed with Elon Musk’s DOGE: report

Bitcoin price today: slips to $80K as tariffs tensions sour risk sentiment

UN experts accuse Israel of genocidal acts and sexual violence in Gaza

Chinese military bolt-on rackmount that can house up to 8 AI servers grabs iF Design Award