Weekly threat roundup: Google Chrome, Pulse Secure, Telegram

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams are often forced to prioritise among fixes for several business-critical systems that all land at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Businesses hacked through SonicWall’s Email Security flaws

Researchers have found evidence that hackers have exploited three severe zero-day vulnerabilities in SonicWall’s Email Security platform to breach the network of an unidentified business.

Cyber criminals are said to have chained three flaws, CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023, together to install a backdoor, access files and emails, and move across the victim’s organisation. These vulnerabilities were first discovered in March 2021, and a hotfix was made available for the first two flaws on 9 April 2021. SonicWall then released a fix for the final vulnerability this week, before disclosing details of the exploitation.

Hackers exploit Pulse Secure VPN flaws

Two major hacking groups have deployed a dozen malware families to compromise US and European organisations by exploiting vulnerabilities in Pulse Secure’s VPN platform.

Tracked as CVE-2021-22893, the critical remote code execution flaw in Pulse Connect Secure carries the maximum severity score of ten. It was chained with other previously known flaws in Pulse Secure products to infiltrate a series of organisations, including those in the US defence sector. An alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that multiple government agencies and critical organisations in the US were breached.

Ivanti, Pulse Secure’s parent company, has released a number of mitigations, although a full patch won’t be available until next month. The purpose of the hack, and its scale, isn’t fully clear, although FireEye researchers have linked the attack to Chinese state-backed groups.

Telegram used to remotely control ToxicEye malware

Hackers are using the Telegram instant messaging app to remotely control and distribute several malware families, including ToxicEye.

Researchers with Check Point Research (CPR) have so far found evidence of more than 130 cyber attacks involving ToxicEye that were managed through Telegram. Telegram-based malware is a growing trend and coincides with the app’s increasing popularity.

This approach allows hackers to send malicious commands and operations through the app, even if Telegram isn’t installed or being used by the victim. Attackers simply begin the process by creating a Telegram account and a dedicated bot. They then execute commands to spread the malware through spam campaigns as well as through email attachments.

Benefits of using Telegram include the fact that it’s a legitimate and easy-to-use app that isn’t blocked by any enterprise security software or network management tools. Anonymity also means that attackers are difficult to identify, given that you only need a phone number to create an account. Unique features in Telegram also mean attackers can easily exfiltrate data from victims’ PCs and transfer new malicious files to infected machines.
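One defensive angle on the pattern described above is that bot-driven command and control still has to reach Telegram’s public Bot API, whose request URLs follow the documented shape https://api.telegram.org/bot<token>/<method>. The script below is an added example, not code from IT Pro or Check Point Research: it scans web-proxy log lines for Bot API calls from hosts where Telegram is not an approved application and groups them by bot identifier. The log format, host names, allowlist and bot tokens are all constructed for illustration.

```python
"""
Added example (not from the article): flag outbound proxy-log lines that look like
Telegram Bot API traffic from hosts where Telegram is not an approved application.
Log format, host names, allowlist and bot tokens below are constructed.
"""
import re
from collections import defaultdict

# Constructed sample proxy log: timestamp, source host, HTTP method, URL
SAMPLE_PROXY_LOG = """\
2021-04-20T09:12:01Z ws-finance-07 GET https://api.telegram.org/bot123456789:AAExampleTokenNotReal/getUpdates
2021-04-20T09:12:05Z ws-finance-07 POST https://api.telegram.org/bot123456789:AAExampleTokenNotReal/sendDocument
2021-04-20T09:13:10Z ws-marketing-02 GET https://web.telegram.org/
2021-04-20T09:14:00Z ws-finance-07 GET https://api.telegram.org/bot123456789:AAExampleTokenNotReal/getUpdates
2021-04-20T09:15:22Z ws-dev-11 GET https://api.telegram.org/bot987654321:AAAnotherFakeToken/getMe
2021-04-20T09:16:00Z ws-hr-03 GET https://example.com/index.html
"""

# Hosts where Telegram use is expected (constructed allowlist, an assumption)
APPROVED_TELEGRAM_HOSTS = {"ws-marketing-02", "ws-dev-11"}

# Bot API calls have the public shape https://api.telegram.org/bot<token>/<method>;
# the token is "<bot id>:<secret>", so the part before the colon identifies the bot.
BOT_API_RE = re.compile(r"https://api\.telegram\.org/bot(?P<token>[^/]+)/(?P<method>\w+)")


def parse_line(line):
    """Split one constructed log line into its four fields."""
    ts, host, method, url = line.split(maxsplit=3)
    return {"ts": ts, "host": host, "method": method, "url": url}


def find_bot_api_hits(log_text):
    """Return every record whose URL is a Telegram Bot API call, any host."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        m = BOT_API_RE.match(rec["url"])
        if m:
            rec["bot_id"] = m.group("token").split(":")[0]
            rec["api_method"] = m.group("method")
            hits.append(rec)
    return hits


def suspicious_hosts(log_text, approved=APPROVED_TELEGRAM_HOSTS):
    """Map {host: {bot_id: [api methods in order]}} for non-approved hosts only.

    Plain web.telegram.org browsing is not matched; only Bot API calls are,
    because that is the channel a bot-controlled implant would use.
    """
    result = defaultdict(lambda: defaultdict(list))
    for rec in find_bot_api_hits(log_text):
        if rec["host"] in approved:
            continue
        result[rec["host"]][rec["bot_id"]].append(rec["api_method"])
    return {host: dict(bots) for host, bots in result.items()}


if __name__ == "__main__":
    for host, bots in suspicious_hosts(SAMPLE_PROXY_LOG).items():
        for bot_id, methods in bots.items():
            print(f"{host}: bot {bot_id} -> {', '.join(methods)}")
```

Run against the constructed log, the script reports only ws-finance-07, which repeatedly polls getUpdates and then calls sendDocument, the combination of command polling and file upload that fits the exfiltration behaviour the article describes; the approved hosts and the ordinary web.telegram.org visit are left alone. In practice the allowlist and log parser would be replaced by the organisation’s own proxy or DNS log source.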

Google fixes another actively exploited Chrome bug

Google patched seven vulnerabilities this week including another zero-day flaw that has been actively exploited, adding to a growing list of flaws in the web browser that hackers have hijacked this year.

Tracked as CVE-2021-21224, this vulnerability was described as "type confusion in V8", although the precise attack mechanism or the consequences of successful exploitation weren’t disclosed. This bug follows two more Google Chrome flaws that were patched in recent months, including CVE-2021-21220 and CVE-2021-21166, both described as memory corruption bugs.
