The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly published an advisory on Thursday warning that Russian APT operators are exploiting five publicly known and already fixed vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately.
The urgent advisory was issued by the U.S. authorities to call attention to a quintet of CVEs that are being actively exploited by a threat actor associated with Russia’s foreign intelligence service (SVR). According to the NSA, the five vulnerabilities should be prioritized for patching alongside the latest batch of Exchange Server updates published by Microsoft earlier this week.
NSA took up mitigation of known vulnerabilities in the SolarWinds Orion software supply chain, the use of WellMess malware against COVID-19 researchers, and network attacks exploiting VMware vulnerability. They left little doubt that quick action is necessary to protect against those attack vectors.
“Mitigation against these vulnerabilities is critically important as the U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” NSA, CISA, and FBI said.
“NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations,” the agencies added.
The vulnerabilities flagged by the agencies are:
• CVE-2018-13379 Fortinet FortiGate VPN
• CVE-2019-9670 Synacor Zimbra Collaboration Suite
• CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
• CVE-2019-19781 Citrix Application Delivery Controller and Gateway
• CVE-2020-4006 VMware Workspa ..
Support the originator by clicking the read the rest link below.
