The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open

The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open

If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. And then make sure you've patched them.


Uncle Sam's Dept of Homeland Security has this month identified at least six possible routes into the nation's computer systems, and the method used to gain total control over the machines once inside. Those six vulnerabilities are...


  • CVE-2019-19781 in Citrix NetScaler

  • CVE-2020-15505 in MobileIron

  • CVE-2019-11510 in Pulse Secure

  • CVE-2020-2021 in Palo Alto Networks

  • CVE-2020-5902 in F5 BIG-IP

  • CVE-2018-13379 in Fortinet FortiOS SSL VPN.

  • ...plus CVE-2020-1472, aka ZeroLogon, in Microsoft Windows, which is exploited to escalate one's privileges, via the Netlogon protocol, to domain-level administrator access, granting total control.


    So, for instance, we're told, miscreants can use, and have used, the Fortinet bug to obtain the usernames and plain-text passwords of SSL VPN users from the gateway's memory, log in as them, and then use ZeroLogon to infiltrate the network's central ..