Security News > 2021 > April > NSA: 5 Security Bugs Under Active Nation-State Cyberattack

According to the U.S. National Security Agency, which issued an alert Thursday, the advanced persistent threat group known as APT29 is conducting "Widespread scanning and exploitation against vulnerable systems in an effort to obtain authentication credentials to allow further access."

The five bugs under active attack are known, fixed security holes in platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware that organizations should patch immediately, researchers warned.

"Vulnerabilities in two VPN systems, two virtualization platforms and one collaboration solution seem to be a mighty combo," Dirk Schrader, global vice president of security research at New Net Technologies, told Threatpost.

Attackers can exploit it to gain access to credentials to further their access or as an initial foothold into a target network.

Last April, the Department of Homeland Security began urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN family.

In December the NSA warned that foreign adversaries were zeroing in on exploiting the flaw, despite patches rolling out just days earlier.

News URL

https://threatpost.com/nsa-security-bugs-active-nation-state-cyberattack/165446/