Mon Oct 26 2020
NSA claim Chinese sponsored hackers are exploiting these vulnerabilities
The US’s National Security Agency (the NSA) has released a warning to all Government agencies and the cyber security sector, listing 25 vulnerabilities they’ve identified that they claim Chinese Cyber Actors are currently exploiting.
According to their warning, all these bugs are currently public with patches available from vendors to be fixed ASAP. They feel the Chinese sponsored Nation State Actors are actively looking for these bugs to gain access to networks. To do this they’re exploiting products “that are directly accessible from the Internet and act as gateways to internal networks”
The majority of the products are either for remote access (T1133) or for external web services (T1190) and should be prioritised for immediate patching.
The NSA has seen ransomware and malware criminals exploiting these bugs recently as well as state sponsored actors from Iran and Russia. They’ve also said they’ve tracked several Chinese attacks in recent months, compromising the IT networks of the US Department of Defence, the US Defence Industrial Base and National Security Systems.
Whether these bugs are or aren’t currently being used by state sponsored cyber actors, it’s well worth getting them patched and your cyber security up to date as the list of vulnerabilities includes bugs like Zerologon in Microsoft Windows as well as other critical vulnerabilities affecting Citrix Gateway, Windows Server, Pulse Connect Secure, Adobe ColdFusion, F5 BIG-IP proxy/load balancer devices, Oracle WebLogic Server and other products.
The security bugs are:
The NSA has warned all government agencies, as well as private companies, to get these patched ASAP to help mitigate the loss of sensitive information that could “impact US policies, strategies, plans and competitive advantage”.
Mon Oct 26 2020