NSA Discloses 25 Vulnerabilities Exploited by Chinese Hackers. Patch Now!

essidsolutions

The NSA has issued an advisory urging organizations to patch 25 critical vulnerabilities across products such as Windows, Windows Server, Pulse Connect Secure, Citrix Gateway, and Adobe ColdFusion that are currently being exploited by Chinese hackers. These vulnerabilities were “recently leveraged, scanned-for, and preyed upon by Chinese state-sponsored cyber actors.”

The United States National Security Agency (NSA) issued an advisory urging cybersecurity professionals and security teams to implement safeguards against some of the most heavily exploited system vulnerabilities. The advisory lists the 25 vulnerabilities most commonly exploited by Chinese state-sponsored hackers.

Anne Neuberger, Cybersecurity Director at the NSA, said, “We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.”

NSA’s advisory comes a day after the Department of Justice’s indictment of six Russian Main Intelligence Directorate (GRU) officers. GRU is a military intelligence agency of Russia’s General Staff of the Armed Forces. Recently, the U.K.’s National Cyber Security Centre (NCSC) also reported plans by Russian hackers to attack the 2020 Tokyo Olympics.

Despite this, the NSA in their advisory stated that Chinese state-sponsored malicious cyber activity poses “one of the greatest threats to the U.S. National Security Systems (NSS), the U.S. Defense Industrial Base (DIB), and Department of Defense (DoD).”

According to the intelligence agency, Chinese hackers constantly target sensitive intellectual property, economic, political, and military information. They also have much to gain, depending upon the outcome of the November 2020 U.S. presidential elections.

All 25 listed vulnerabilities are publicly known; some date back years, while other CVEs were discovered last month. The bad news is that these vulnerabilities stem from internet-facing products and are out in the wild. However, patches for all 25 vulnerabilities are readily available.

Besides patching up the vulnerabilities, the NSA has also advised the following:

  1. Update systems and products with patches as soon as they’re available 
  2. Any data that was stolen or modified before applying patches is still compromised. Therefore, make a habit out of changing passwords and reviewing accounts 
  3. Disable external management capabilities and set up an out-of-band management network 
  4. Block obsolete protocols at the network edge and disable unused protocols in device configurations 
  5. Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network 
  6. Maintain a log of Internet-facing services and monitor them for signs of compromise

Affected products include Windows, Windows Server, Pulse Connect Secure, Citrix Gateway, Adobe ColdFusion, Oracle WebLogic Server, and F5 BIG-IP proxy/load balancer devices, among others.

All 25 listed vulnerabilities can be found in NSA’s advisory.
