cloudThing logo in white
Menu open icon
email: info@cloudthing.com
tel: +44 (0) 121 393 4700
Menu closed icon

General

Generally useful pages

Sectors

We know loads about this stuff

What we do

The Building Blocks for cloudThing Magic

NSA Reveal 25 Vulnerabilities That Need Patching…Now

Mon Oct 26 2020

NSA claim Chinese sponsored hackers are exploiting these vulnerabilities

The US’s National Security Agency (the NSA) has released a warning to all Government agencies and the cyber security sector, listing 25 vulnerabilities they’ve identified that they claim Chinese Cyber Actors are currently exploiting.

According to their warning, all these bugs are currently public with patches available from vendors to be fixed ASAP. They feel the Chinese sponsored Nation State Actors are actively looking for these bugs to gain access to networks. To do this they’re exploiting products “that are directly accessible from the Internet and act as gateways to internal networks”

open quote mark

The majority of the products are either for remote access (T1133) or for external web services (T1190) and should be prioritised for immediate patching.

NSA Advisory Release

close quote mark

The NSA has seen ransomware and malware criminals exploiting these bugs recently as well as state sponsored actors from Iran and Russia. They’ve also said they’ve tracked several Chinese attacks in recent months, compromising the IT networks of the US Department of Defence, the US Defence Industrial Base and National Security Systems.

 

Whether these bugs are or aren’t currently being used by state sponsored cyber actors, it’s well worth getting them patched and your cyber security up to date as the list of vulnerabilities includes bugs like Zerologon in Microsoft Windows as well as other critical vulnerabilities affecting Citrix Gateway, Windows Server, Pulse Connect Secure, Adobe ColdFusion, F5 BIG-IP proxy/load balancer devices, Oracle WebLogic Server and other products.

 

The security bugs are:

 

  • CVE-2019-11510
  • CVE-2019-19781
  • CVE-2020-15505
  • CVE-2019-11580
  • CVE-2020-10189
  • CVE-2019-18935
  • CVE-2020-5902
  • CVE-2020-8193
  • CVE-2020-8196
  • CVE-2020-8195
  • CVE-2020-1350
  • CVE-2020-1472
  • CVE-2019-0708
  • CVE-2019-1040
  • CVE-2020-0688
  • CVE-2018-6789
  • CVE-2018-4939
  • CVE-2020-2555
  • CVE-2015-4852
  • CVE-2019-3396
  • CVE-2019-0803
  • CVE-2020-0601
  • CVE-2017-6327
  • CVE-2020-8515
  • CVE-2020-3118

 

The NSA has warned all government agencies, as well as private companies, to get these patched ASAP to help mitigate the loss of sensitive information that could “impact US policies, strategies, plans and competitive advantage”.

Not Quite Ready To Get Back To Work Just Yet?

DON’T FORGET: MICROSOFT’S UPCOMING LICENSING DEADLINES ARE NEARLY HERE

FLEXIBLE CLOUD LICENSING

ACCELERATE FUNDRAISING & ENGAGEMENT WITH CLOUDTHING & MICROSOFT

Contact Us

Name

*

Company Name

*

Email Address

*

Telephone Number

Is there anything else you'd like us to know?

© cloudThing 2020

Mon Oct 26 2020

email iconinfo@cloudthing.com
© 2020 Copyright cloudThing ltd. All rights reserved. Company registered in England & Wales no. 7510381, VAT no. 152340739