US and UK govts warn: Russia scanning for your unpatched vulnerabilities
A joint US-UK advisory warns that the Russian hacking group APT29 is exploiting unpatched vulnerabilities in systems, and urges organizations to enhance defenses, apply patches, and train employees against rising phone-assisted phishing scams.
A joint advisory from the US and UK governments has warned that Russian hackers, specifically those linked to the Foreign Intelligence Service (SVR) and known as APT29, are actively scanning for unpatched vulnerabilities in internet-facing systems. This campaign is part of a broader effort to exploit known vulnerabilities, increasing the risk for organizations with outdated security measures. The advisory lists 24 Common Vulnerabilities and Exposures (CVEs) that the hackers are targeting, including significant flaws in Cisco and JetBrains software. The agencies recommend organizations enhance their cyber defenses by applying security patches, properly configuring systems, and disabling unnecessary services. Additionally, the rise of phone-assisted phishing scams has been noted, with scammers increasingly using phone calls to exploit trust. The advisory emphasizes the importance of employee training to recognize and avoid such scams. Other security updates include a critical vulnerability in GitLab that requires immediate patching and a new initiative by Google and partners to improve tracking of online scams through a Global Signal Exchange.
- Russian hackers are scanning for unpatched vulnerabilities in internet-facing systems.
- APT29, linked to the SolarWinds hack, is behind the ongoing campaign.
- Organizations are urged to apply security patches and enhance their cyber defenses.
- Phone-assisted phishing scams are on the rise, necessitating employee training.
- GitLab has released critical patches for vulnerabilities in its software.
Related
China-linked cyber-spies infect Russian govt, IT sector
Chinese cyber-spies compromised Russian government and IT systems using malware, including GrewApacha and CloudSorcerer, through phishing emails and cloud services, indicating collaboration among state-sponsored hacking groups.
New 0-Day Attacks Linked to China's 'Volt Typhoon'
Malicious hackers linked to China's Volt Typhoon group are exploiting a zero-day vulnerability in Versa Director; customers are urged to update systems to prevent potential disruptions to critical U.S. infrastructure.
Russian government hackers used spyware exploits made by NSO and Intellexa
Russian hackers are exploiting vulnerabilities similar to those from NSO Group, targeting Mongolian government websites and affecting iPhone and Android users. Google urges software updates to mitigate risks.
Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks
Suspected Russian hackers linked to APT29 Cozy Bear executed "watering hole" attacks on Mongolian government websites, targeting unpatched devices with exploits similar to commercial spyware, highlighting ongoing cybersecurity risks.
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft warns of a critical vulnerability, CVE-2024-43491, in Windows 10, version 1507, exploited to reverse security fixes. Users should install specific updates. Adobe also issued patches for critical flaws.