Wednesday, April 21, 2021

major software security breach; Rus rallies

Lately networking devices, which can be hard for companies to monitor, have emerged as a favored avenue for digital spies.  In 2020 FireEye warned that Beijing-aligned hackers were targeting devices manufactured by Citrix Systems Inc (CTXS.O) and Cisco Systems Inc (CSCO.O) to break into a host of companies in what it described as one of the broadest campaigns by a Chinese actor that it had seen in years.

At least two groups of China-linked hackers have spent months using a previously undisclosed vulnerability in American virtual private networking devices to spy on the U.S. defense industry, researchers and the devices' manufacturer said Tuesday.  Utah-based IT company Ivanti said in a statement the hackers took advantage of the flaw in its Pulse Connect Secure suite to break into systems of "a very limited number of customers."  Ivanti said that while mitigations were in place, a fix for the issue would be unavailable until early May….

FireEye declined to name the hackers' targets, identifying them only as "defense, government, and financial organizations around the world."  It said the group of hackers suspected of working on Beijing's behalf were particularly focused on the U.S. defense industry.  https://www.reuters.com/technology/china-linked-hackers-used-pulse-secure-flaw-target-us-defense-industry-2021-04-20/

……………………………………………………………….

4-20-21   Over the past few months several cyberespionage groups, including one believed to be tied to the Chinese government, have been breaking into the networks of organizations from the United States and Europe by exploiting vulnerabilities in VPN appliances from zero-trust access provider Pulse Secure (of Utah).  Some of the flaws date from 2019 and 2020, but one was unknown until this month.

"Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices," researchers from Mandiant, the MDR and incident response arm of security vendor FireEye, said in a newly released report.  "These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations.  It is likely that multiple actors are responsible for the creation and deployment of these various code families."

While investigating breaches this year at various defense, government and financial organizations from around the world, the Mandiant team kept finding malicious activity in the compromised environments tracing back to their Pulse Secure VPN appliances, where hackers had obtained administrative access.  The experts couldn't determine how the hackers gained administrative credentials, so they contacted Pulse Secure and its parent company Ivanti.  Their investigation concluded that the attackers were likely using known vulnerabilities found and patched over the past two years but also a previously unknown one.

Tracked as CVE-2021-22893, the flaw allows attackers to bypass authentication on the Pulse Connect Secure (PCS) VPN solution and execute arbitrary code.  The vulnerability is rated critical with a severity score of 10 on the CVSS scale.  https://www.csoonline.com/article/3615283/spy-groups-hack-into-companies-using-zero-day-flaw-in-pulse-secure-vpn.html

…………….............................................................................................................................. 



photos from Vladivostok, Omsk, 4-21-21  https://www.rferl.org/a/russia-protests-navalny/31215531.html

…………...................................................................................................

OVD-Info, a group that monitors protests and detentions, said 1,496 people had been arrested, including 662 in St. Petersburg and 95 in the Urals city of Ufa.

The state human rights commissioner, Tatyana Moskalkova, said four doctors from outside the federal prison agency had visited Navalny on Tuesday and found no serious health problems.

https://www.reuters.com/world/russia-rounds-up-almost-200-people-protests-over-navalnys-failing-health-2021-04-21/

………………………….................................…

Liptser said Navalny looked weak and thinner.  He said he had been searched for two hours on arrival at the Vladimir penal colony, which has a hospital and to which Navalny was moved on Apr. 18.  https://news.yahoo.com/hunger-striking-navalny-being-transferred-111042071.html

St. Petersburg, 4-21-21

white cedar cones, 4-21-21

St. Petersburg, 4-21-21
