Hi All,
The NSA just published: State-Sponsored Actors Exploit Publicly Known Vulnerabilities
This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190) and should be prioritized for immediate patching. While some vulnerabilities have specific additional mitigations below, the following mitigations generally apply:
- Keep systems and products updated and patched as soon as possible after patches are released.
- Expect that data stolen or modified (including credentials, accounts, and software) before the device was patched will not be alleviated by patching, making password changes and reviews of accounts a good practice.
- Disable external management capabilities and set up an out-of-band management network.
- Block obsolete or unused protocols at the network edge and disable them in device configurations.
- Isolate Internet-facing services in a network Demilitarized Zone (DMZ) to reduce the exposure of the internal network.
- Enable robust logging of Internet-facing services and monitor the logs for signs of compromise.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------