Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks

Source: Federal Bureau of Investigation FBI Crime News

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” today to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.  

Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors. In addition to compromising the SolarWinds Orion software supply chain, recent SVR activities include targeting COVID-19 research facilities via WellMess malware and targeting networks through the VMware vulnerability disclosed by NSA. This was highlighted in NSA’s Cybersecurity Advisory, “Russian State-Sponsored Actors Exploiting Vulnerability in Workspace ONE Access Using Compromised Credentials.”

NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations. NSA, CISA, and FBI also recognize all partners in the private and public sectors for comprehensive and collaborative efforts to respond to recent Russian activity in cyberspace.

NSA encourages its customers to mitigate against the following publicly known vulnerabilities:

  • CVE-2018-13379 Fortinet FortiGate VPN
  • CVE-2019-9670 Synacor Zimbra Collaboration Suite
  • CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
  • CVE-2019-19781 Citrix Application Delivery Controller and Gateway
  • CVE-2020-4006 VMware Workspace ONE Access

For more information, review the advisory or visit NSA.gov/cybersecurity-guidance.

View the infographic on understanding the threat and how to take action.

46-Year Fugitive Arrested Thanks to NTOC Tip

Source: Federal Bureau of Investigation FBI Crime News

When someone calls the FBI to report a tip, it’s the National Threat Operations Center staff who picks up the phone and receives that information. The center’s threat intake examiners also receive the online tips sent in through tips.fbi.gov.

Threat intake examiners work around the clock to assess and forward information to the Bureau’s field offices and other law enforcement partners.

Below are two recent examples of NTOC’s work.

Longtime Fugitive Arrested

In June 2020, NTOC received a call about a wanted fugitive who shot a police officer in the early 1970s. The subject was imprisoned after the shooting but escaped when he was transferred to a hospital in 1974.

The caller provided the fugitive’s current address, which was in New Mexico.

No Average Call

The FBI’s National Threat Operations Center works day and night to ensure each of the calls and electronic tips it receives is evaluated rapidly and handled appropriately.

Security News in Brief: Tax Attorney Indicted for Facilitating Tax Fraud

Source: United States Department of Justice News

A federal grand jury in San Francisco returned an indictment today charging a Houston-based tax attorney with conspiring with the Chairman and Chief Executive Officer of a private equity firm to defraud the IRS. The grand jury further charged him with three counts of aiding and assisting in the preparation of the CEO’s false tax returns for the 2012 to 2014 tax years.

Security News in Brief: Former Chief Executive Officer of Publicly Traded Petrochemical Company Pleads Guilty to Foreign Bribery and Securities Law Violations

Source: United States Department of Justice News

A Brazilian national who previously served as a chief executive officer (CEO) of Braskem S.A. (Braskem), a publicly traded Brazilian petrochemical company, pleaded guilty today to conspiring to divert hundreds of millions of dollars from Braskem into a secret slush fund and to pay bribes to government officials, political parties, and others in Brazil to obtain and retain business.