Security News > 2020 > September > Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.
The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.
CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security.
The threat actors have been spotted successfully exploiting two common vulnerabilities - allowing them to compromise federal government and commercial entities, according to CISA. The first is a vulnerability in F5's Big-IP Traffic Management User Interface, which allows cyber threat actors to execute arbitrary system commands, create or delete files, disable services, and/or execute Java code.
Threat actors were also observed hunting for Citrix VPN Appliances vulnerable to CVE-2019-19781, which is a flaw that enables attackers to execute directory traversal attacks.
News URL
https://threatpost.com/hackers-gov-microsoft-exchange-f5-exploits/159226/
Related news
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Microsoft investigates global Exchange Admin Center outage (source)
- Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in six months (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)
- Microsoft fixes Exchange Online bug flagging Gmail emails as spam (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |