Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Urges Patching Array Networks Flaw

November 26, 2024
Reading Time: 2 mins read
in Alerts
CISA Urges Patching Array Networks Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2023-28461 with a CVSS score of 9.8, involves missing authentication, allowing attackers to achieve remote code execution by exploiting a vulnerable URL. Array Networks released a patch for the issue in March 2023 with firmware version 9.4.0.484, but the ongoing exploitation highlights the importance of prompt updates to secure these systems.

Recent reports reveal that the China-linked cyber espionage group Earth Kasha, also known as MirrorFace, has actively exploited this vulnerability. Known for targeting Japanese entities, Earth Kasha has expanded its operations to attack organizations in Taiwan, India, Europe, and other regions. Alongside CVE-2023-28461, the group has leveraged vulnerabilities in other enterprise-facing products like Proself (CVE-2023-45727) and Fortinet FortiOS/FortiProxy (CVE-2023-27997) for initial access. Notably, ESET disclosed an Earth Kasha campaign targeting an unnamed European diplomatic entity to deliver the ANEL backdoor, using the upcoming World Expo 2025 in Osaka, Japan, as a lure.

CISA has set a deadline of December 16, 2024, for Federal Civilian Executive Branch (FCEB) agencies to apply the necessary patches and secure their networks. This urgency reflects broader concerns, as a VulnCheck report indicates that over 440,000 internet-exposed systems remain potentially vulnerable to similar attacks. The report further highlights the abuse of commonly exploited vulnerabilities by at least 15 Chinese hacking groups, underscoring the pervasive threat landscape.

To mitigate risks, organizations are advised to evaluate their exposure to affected technologies, enhance visibility into potential threats, and prioritize robust patch management practices. Additional recommendations include minimizing the internet-facing exposure of vulnerable devices and leveraging comprehensive threat intelligence to stay ahead of evolving attack vectors. With active exploitation in progress, timely action is crucial to safeguard critical infrastructure and enterprise systems.

Reference:
  • CISA Warns Agencies to Patch Critical Array Networks Flaw Amid Active Exploitation
Tags: Array NetworksCISACyber AlertsCyber Alerts 2024Cyber threatsNovember 2024Vulnerabilities
ADVERTISEMENT

Related Posts

Hackers Target Libraesva Email Flaw

Hackers Target Libraesva Email Flaw

September 30, 2025
Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

September 30, 2025
Hackers Target Libraesva Email Flaw

Cisco Warns Of IOS Zero Day Bug

September 30, 2025
Fake Microsoft Teams Installers Spread

Fake Microsoft Teams Installers Spread

September 30, 2025
Fake Microsoft Teams Installers Spread

Cybercriminals Use Facebook Google Ads

September 30, 2025
Fake Microsoft Teams Installers Spread

CISA Warns Of Critical Sudo Flaw

September 30, 2025

Latest Alerts

Hackers Target Libraesva Email Flaw

ShadowV2 Botnet Targets Misconfigured AWS

Cisco Warns Of IOS Zero Day Bug

CISA Warns Of Critical Sudo Flaw

Cybercriminals Use Facebook Google Ads

Fake Microsoft Teams Installers Spread

Subscribe to our newsletter

    Latest Incidents

    Ukrainian Hackers Breach Crimean Servers

    Ransomware Gang Claims Maryland Breach

    Arizona School District Data Breach

    Attackers Take Down Asahi Brewer

    Harrods Alerts Customers To Breach

    Hackers Steal Photos From Kido Nursery

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial