fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NSA: Top 25 Vulnerabilities Actively Abused By Chinese Hackers

NSA: Top 25 Vulnerabilities Actively Abused By Chinese Hackers

The U.S. National Security Agency (NSA) is warning that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against United States organizations and interests.

In an advisory issued today, the NSA is aware of targeted attacks by Chinese state-sponsored hackers against National Security Systems (NSS), the U.S. Defense Industrial Base (DIB), and the Department of Defense (DoD) information networks.

As part of these attacks, the NSA has seen twenty-five publicly disclosed vulnerabilities exploited to gain access to networks, deploy malicious mobile apps, and spread laterally through a system while attackers steal sensitive data.

The NSA is advising all organizations to immediately patch vulnerable devices to protect against cyberattacks that lead to data theft, banking fraud, and ransomware attacks.

“We hear loud and clear that it can be hard to prioritize patching and mitigation efforts,” NSA Cybersecurity Director Anne Neuberger said. “We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.”

Also Read: 6 Simple Guides On PDPA Clause For Agreements Of Personal Data

Vulnerabilities used in different phases of attack

The NSA has categorized the vulnerabilities into different buckets to illustrate how they are being used in cyberattacks.

Exploit secure remote access: To gain access to networks, Chinese threat actors utilize seven different vulnerabilities, many of which also provide credentials that can be used to spread further on the network.

  • CVE-2019-11510 – A Pulse Secure VPN vulnerabilities that allow an unauthenticated attacker to gain access to VPN credentials.
  • CVE-2020-5902 – A F5 BIG-IP® 8 proxy / load balancer remote code execution vulnerability.
  • CVE-2019-19781 – A Citrix Application Delivery Controller (ADC) and Gateway directory traversal vulnerability, which can lead to remote code execution without credentials.
  • CVE-2020-8193 – Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP vulnerability allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users
  • CVE-2020-8195 – Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP vulnerability allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users
  • CVE-2020-8196 – Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP vulnerability allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users
  • CVE-2019-0708 – The Windows BlueKeep Remote Desktop Service vulnerability allows unauthenticated users to perform remote code execution.

Exploit Mobile Device Management (MDM): By compromising MDM servers, threat actors can push out malicious mobile apps or change device configurations that send traffic through attacker-controlled proxy servers or hosts.

  • CVE-2020-15505 – A remote code execution vulnerability in the MobileIron 13 mobile device management (MDM)

Exploit Active Directory for Lateral Movement and Credential Access: 

  • CVE-2020-1472 – The critical 10/10 Windows ZeroLogon Netlogon elevation of privilege vulnerability allows threat actors to quickly gain access to domain administrator credentials on a domain controller. From there, they can harvest sensitive data or deploy malware, such as ransomware.
  • CVE-2019-1040 – A Windows NTLM vulnerability allows attackers to reduce the built-in security for the Windows operating system.

Exploit public-facing servers: Attackers use these vulnerabilities to bypass authentication in web servers, email servers, or DNS to remotely execute commands on the internal network. For compromised web servers, attackers can utilize them in watering-hole attacks to target future visitors.

  • CVE-2020-1350 – The Windows DNS server SigRed vulnerability allows attackers to spread laterally through a network.
  • CVE-2018-6789 – An Exim mail server vulnerability allows unauthenticated, remote code execution.
  • CVE-2018-4939 – Adobe ColdFusion 14 vulnerability that could lead to arbitrary code execution

Also Read: The Top 10 Primary GDPR Requirements PDF To Secure Business

Exploit internal servers: These vulnerabilities are used to spread laterally throughout a network and gain access to internal servers, where the attackers can steal valuable data.

  • CVE-2020-0688 – A Microsoft Exchange vulnerability that allows authenticated users to perform remote code execution.
  • CVE-2015-4852 – The WLS Security component in Oracle WebLogic15 Server allows remote attackers to execute arbitrary commands via a crafted serialized Java16 object.
  • CVE-2020-2555 – A vulnerability exists in the Oracle® Coherence product of Oracle Fusion® Middleware. This easily exploitable 
  • CVE-2019-3396 – A server-side template injection vulnerability is present in the Widget Connector in Atlassian Confluence servers that allows remote attackers to perform remote code execution and path traversal.
  • CVE-2019-11580 – Attackers who can send requests to an Atlassian® Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, permitting remote code execution. This vulnerability was used in GandCrab ransomware attacks in the past.
  • CVE-2020-10189 – Zoho ManageEngine 18 Desktop Central vulnerability allows remote code execution. This bug was used in attacks to deploy backdoors.
  • CVE-2019-18935 – A vulnerability in Telerik 19 UI for ASP.NET AJAX can lead to remote code execution. It was seen used by a hacker group named ‘Blue Mockingbird’ to install Monero miners on vulnerable servers but could be used to spread laterally as well.

Exploit user work workstations for local privilege escalation: When an attacker gains access to a workstation, their ultimate goal is to gain administrative credentials or privileges. Using these vulnerabilities, a hacker can elevate their privileges to SYSTEM or administrator access.

  • CVE-2020-0601 – A Windows CryptoAPI Spoofing vulnerability discovered by the NSA allows attackers to spoof code-signing certificates to make malicious executables appear to be signed by a legitimate trusted company.
  • CVE-2019-0803 – An elevation of privilege vulnerability exists in Windows® when the Win32k component fails to properly handle objects in memory. 

Exploit network devices: This final bucket of vulnerabilities allows attackers to monitor and modify network traffic as it flows over the device. 

  • CVE-2017-6327 – The Symantec 22 Messaging Gateway can encounter a remote code execution issue.
  • CVE-2020-3118 – A Cisco ‘CDPwn’ vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS 23 XR Software could allow remote code execution.
  • CVE-2020-8515 – DrayTek Vigor 24 devices enable remote code execution as root (without authentication) via shell metacharacters

As Chinese state-sponsored hackers have been seen utilizing a combination of these vulnerabilities, it is strongly advised that all administrators patch them as soon as possible.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us