The Inner Circle

NSA published: State-Sponsored Actors Exploit Publicly Known Vulnerabilities

    Posted Oct 26, 2020 09:04:00 AM
    Hi All,

    The NSA just published: State-Sponsored Actors Exploit Publicly Known Vulnerabilities

    This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by
    Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.
    Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are
    directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for
    remote access (T1133) or for external web services (T1190) and should be prioritized for immediate patching. While
    some vulnerabilities have specific additional mitigations below, the following mitigations generally apply:

     • Keep systems and products updated and patched as soon as possible after patches are released.
     • Expect that data stolen or modified (including credentials, accounts, and software) before the device was patched
       will not be alleviated by patching, making password changes, and reviews of accounts a good practice.
     • Disable external management capabilities and set up an out-of-band management network.
     • Block obsolete or unused protocols at the network edge and disable them in device configurations.
     • Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal
       network.
     • Enable robust logging of Internet-facing services and monitor the logs for signs of compromise.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------