A set of flaws in a widely used network communication protocol that could affect millions of devices has been revealed by Forescout Research Labs and JSOF Research. The nine vulnerabilities discovered by security researchers dramatically increase the attack surface of at least 100 million Internet of Things devices, exposing them to potential attacks that could take the devices offline or allow them to be hijacked by threat actors.
Pulse Secure on Monday released a patch for the zero-day vulnerability that hackers used to access the networks of U.S. defense contractors and other government agencies worldwide.
In a blog posted April 20, FireEye said Chinese-based UNC2630 leveraged CVE-2021-22893 to gain access to Pulse Secure VPN equipment and move laterally. A second threat actor, UNC2717, was also identified exploiting Pulse Secure VPN equipment, but FireEye could not connect them to UNC2630.
Dive Brief:
About 25% of power utilities were exposed to the SolarWinds hack, officials at the North American Electric Reliability Corp. (NERC) said on Tuesday, though no subsequent activity from hackers was detected beyond the initial breach.
A much smaller number of utilities revealed that the vulnerability reached into operational technology (OT) and industrial control systems, but NERC said overall there were few operational impacts from the attack. Security experts warn it may be too soon to tell, however, if all of the SolarWinds impacts and vulnerabilities have been found or addressed.
The White House is rushing to develop a plan to protect the United States grid, including from supply chain vulnerabilities like the SolarWinds breakdown. Bloomberg reported on a draft of the plan, which includes an examination of vulnerabilities in grid components, incentives for security upgrades and an audit of high-impact points in utility systems.
By John P. Mello Jr.
Apr 14, 2021 4:00 AM PT
A set of flaws in a widely used network communication protocol that could affect millions of devices was revealed Monday by security researchers.
The nine vulnerabilities discovered by Forescout Research Labs and JSOF Research dramatically increase the attack surface of at least 100 million Internet of Things devices, exposing them to potential attacks that could take the devices offline or allow them to be hijacked by threat actors. History has shown that controlling IoT devices can be an effective tactic to launch DDoS attacks, said Rohit Dhamankar, vice president for threat intelligence products at Alert Logic, an application and infrastructure security company in Houston.