The Russian state-sponsored threat actor, Sandstorm, is pretty active nowadays. The group, believed to be directly connected to the Russian military intelligence agency, was hit by the FBI taking down its C2 communication for the Cyclops Blink botnet malware. Sandstorm is now abusing a bug in WatchGuard Firebox and XTM firewall appliances for Cyclops Blink, CISA says.

Remote privilege escalation bug

According to CISA's statement, WatchGuard Firebox and XTM appliances are affected by a privilege escalation bug tracked as CVE-2022-23176. The flaw is remotely exploitable and its severity is rated as critical.

CISA has ordered Federal Civilian Executive Branch agencies to fix their systems within three weeks. The agency urged all US organizations to fix it as well, since the Sandstorm group is actively abusing the bug to deploy its Cyclops Blink botnet malware. However, the bug requires a non-default configuration: the appliances must be configured to allow unrestricted management access from the internet, which is restricted by default.

WatchGuard states that roughly 1% of all its active firewall appliances were hit by Cyclops Blink.