Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.
Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.
Businesses hacked through SonicWall’s Email Security flaws
Researchers have found evidence that hackers have exploited three severe zero-day vulnerabilities in SonicWall’s Email Security platform to breach the network of an unidentified business.
Updated Emotet toolkit ends 2020 as most dangerous malware 6 of the best free malware removal tools in 2023 The top 12 password-cracking techniques used by hackers
Cyber criminals are said to have chained three flaws, CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023, together to install a backdoor, access files and emails, and move across the victim’s organisation. These vulnerabilities were first discovered in March 2021, and a hotfix was made available for the first two flaws on 9 April 2021. SonicWall then released a fix for the final vulnerability this week, before disclosing details of the exploitation.
Hackers exploit Pulse Secure VPN flaws
Two major hacking groups have deployed a dozen malware families to compromise US and European organisations by exploiting vulnerabilities in Pulse Secure’s VPN platform.
Tracked as CVE-2021-22893, the critical remote code execution flaw in Pulse Connect Secure is rated a maximum of ten on the threat severity scale. It was chained with other previously known flaws in Pulse Secure products to infiltrate a series of organisations, including those in the US defence sector. An alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) confirmed multiple government agencies and critical organisations in the US were breached.
Ivanti, Pulse Secure’s parent company, has released a number of mitigations, although a full patch won’t be available until next month. The purpose of the hack, and its scale, isn’t fully clear, although FireEye researchers have linked the attack to Chinese state-backed groups.
Telegram used to remotely control ToxicEye malware
Hackers are using the Telegram instant messaging app to remotely control and distribute several malware families, including ToxicEye.
Researchers with Check Point Research (CPR) have so far found evidence of more than 130 cyber attacks involving ToxicEye that were managed through Telegram. Telegram-based malware is a growing trend and coincides with the app’s increasing popularity.
This approach allows hackers to send malicious commands and operations through the app, even if Telegram isn’t installed or being used by the victim. Attackers simply begin the process by creating a Telegram account and a dedicated bot. They then execute commands to spread the malware through spam campaigns as well as through email attachments.
Benefits of using Telegram include the fact it’s a legitimate and easy-to-use app that isn’t blocked by any enterprise security software or network management tools. Anonymity also means that attackers are difficult to identify, given you only need a phone number to create an account. Unique features in Telegram also mean attackers can easily exfiltrate data from victims’ PCs and transfer new malicious files to infected machines.
Google fixes another actively exploited Chrome bug
Google patched seven vulnerabilities this week including another zero-day flaw that has been actively exploited, adding to a growing list of flaws in the web browser that hackers have hijacked this year.
Tracked as CVE-2021-21224, this vulnerability was described as "type confusion in V8", although the precise attack mechanism or the consequences of successful exploitation weren’t disclosed. This bug follows two more Google Chrome flaws that were patched in recent months, including CVE-2021-21220 and CVE-2021-21166, both described as memory corruption bugs.
-
Licensed mmWave: Opportunity or overhead?Industry Insights Ofcom’s latest mmWave auction unlocks major new capacity for 5G and FWA, offering a faster, more flexible complement to fiber - especially in dense urban areas
-
CISA issues alert as China-linked hackers exploit Brickstorm malware to target VMware serversNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
