CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5

The vulnerability added to CISA’s KEV catalog affects ThreatSonar Anti-Ransomware and it was patched in 2024. The post CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5 appeared first on SecurityWeek.

Vulnerability exploited

A vulnerability affecting the ThreatSonar Anti-Ransomware product of Taiwan-based cybersecurity firm TeamT5 has been exploited in the wild, the US cybersecurity agency CISA warned on Tuesday.

CISA added the ThreatSonar Anti-Ransomware flaw, tracked as CVE-2024-7694, to its Known Exploited Vulnerabilities (KEV) catalog and instructed federal agencies to address it by March 10.

TeamT5’s website indicates that the company’s threat intelligence and protection solutions are used in the United States, Japan, and Taiwan, including by government agencies. 

This could explain why CISA added the vulnerability to its KEV list, which focuses on security holes that could pose a threat to US government organizations.  

CVE-2024-7694 is a high-severity arbitrary file-upload issue affecting TeamT5’s ThreatSonar Anti-Ransomware product. The issue was patched in August 2024. 

“ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server,” reads an advisory published at the time of patching by Taiwan’s TWCERT/CC.

Based on TWCERT/CC’s note that admin privileges are required for exploitation, the flaw has likely been chained with a different vulnerability. 

There appears to be no public information on attacks involving CVE-2024-7694, but the fact that the affected product comes from a Taiwanese cybersecurity firm and serves government clients naturally raises the possibility of involvement by China-linked threat actors, although this remains entirely speculative without supporting evidence.

SecurityWeek has reached out to both TeamT5 and TWCERT/CC for comment on the attacks and will update this article if they respond. However, the responses may be delayed due to the Lunar New Year in Taiwan.

UPDATE, February 24: TeamT5 and TWCERT have responded to SecurityWeek. TeamT5 has published a blog post clarifying that it’s not aware of any customers still running a vulnerable version of its software.

In addition, TeamT5 confirmed for SecurityWeek that Chinese APTs are likely behind the attacks, but noted that all the attacks occurred back in 2024. SecurityWeek has published a follow-up article with additional clarifications.

Related: Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group

Related: Singapore: Rootkits, Zero-Day Used in Chinese Attack on Major Telecom Firms

Related: China Revives Tianfu Cup Hacking Contest Under Increased Secrecy

Related: Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets

Latest News

CYBERNEWSMEDIAPublisher