NSA: 5 Security Bugs Under Active Nation-State Cyberattack
#1
Information 
Quote:The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies.
 
According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. Cozy Bear or The Dukes) is conducting “widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access.” The targets include U.S. and allied national-security and government networks, it added.
 
The five bugs under active attack are known, fixed security holes in platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware (detailed below) that organizations should patch immediately, researchers warned.
 
“Some of these vulnerabilities also have working Metasploit modules and are currently being widely exploited,” said researchers with Cisco Talos, in a related posting on Thursday. “Please note that some of these vulnerabilities exploit applications leveraging SSL. This means that users should enable SSL decryption…to detect exploitation of these vulnerabilities.”
 
The NSA has linked APT29 to Russia’s Foreign Intelligence Services (SVR). The news comes as the U.S. formally attributed the recent SolarWinds supply-chain attack to the SVR and issued sanctions on Russia for cyberattacks and what President Biden called out as interference with U.S. elections.

Read more: NSA: 5 Security Bugs Under Active Nation-State Cyberattack | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite_2024.12.23.23
uBOLite_2024.12.23...harlan4096 — 10:29
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>