Suspected Chinese threat actors have exploited a recently fixed Fortinet FortiOS zero-day vulnerability, tracked as CVE-2022-42475, to launch attacks with the new Boldmove malware targeted at a European government organization and an African managed service provider, according to The Record, a news site by cybersecurity firm Recorded Future.
Written in C, the novel Boldmove malware has Windows and Linux variants, with the Linux variant used to achieve full remote control of compromised Fortinet devices, a report from Mandiant revealed.
Threat actors have yet to use the Windows variant of the backdoor, which was compiled in 2021, said researchers, who attributed the attacks to Chinese hackers based on their tactics. Networking devices have been a common target of attacks because they typically lack any mechanism for detecting malicious activity running on them.
"This makes network devices a blind spot for security practitioners and allows attackers to hide in them and maintain stealth for long periods, while also using them to gain a foothold in a targeted network," said the report.