NSA: Top 5 Vulnerabilities Actively Abused by Russian Govt Hackers
A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warns that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests.
In the advisory, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials and further compromise US corporate and government networks.
The NSA is advising all organizations to immediately patch vulnerable devices to protect against cyberattacks that lead to data theft, banking fraud, and ransomware attacks.
“The vulnerabilities in today’s release are part of the SVR’s toolkit to target networks across the government and private sectors,” said Rob Joyce, NSA Director of Cybersecurity. “We need to make SVR’s job harder by taking them away.”
The U.S. government strongly advises that all admins “urgently implement associated mitigations” for these vulnerabilities to prevent further attacks by the Russian SVR and other threat actors.
Below are the top five vulnerabilities the NSA, CISA, and the FBI have seen targeted by the Russian SVR.
CVE-2018-13379 targets Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12
CVE-2019-9670 targets Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10
CVE-2019-11510 targets Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
CVE-2019-19781 targets Citrix ADC and Gateway versions before 13.0.47.24, 12.1.55.18, 12.0.63.13, 11.1.63.15 and 10.5.70.12 and SD-WAN WANOP 4000-WO, 4100-WO, 5000-WO, and 5100-WO versions before 10.2.6b and 11.0.3b.
CVE-2020-4006 targets VMware One Access 20.01 and 20.10 on Linux, VMware Identity Manager 3.3.1 – 3.3.3 on Linux, VMware Identity Manager Connector 3.3.1 – 3.3.3 and 19.03, VMware Cloud Foundation 4.0 – 4.1, and VMware vRealize Suite Lifecycle Manager 8.x.
As the Russian SVR has been utilizing a combination of these vulnerabilities in their attacks, it is strongly advised that all administrators install the associated security updates immediately.
Reference: https://www.bleepingcomputer.com/news/security/nsa-top-5-vulnerabilities-actively-abused-by-russian-govt-hackers/