The Open Web Application Security Project reshuffles its list of top threats, putting broken access controls and cryptographic failures at the top and creating three new risk categories.
US Issues Russian SVR Warning
America has issued a cybersecurity advisory that urges organizations to patch vulnerabilities it says are being exploited by Russian Foreign Intelligence Service (SVR) actors.
The warning was jointly issued on April 15 by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), as the US announced new sanctions against Russia.
Titled Russian SVR Targets US and Allied Networks, the advisory lists five publicly known vulnerabilities and calls for network defenders to act quickly to prevent future loss of sensitive information.
The vulnerabilities the United States says are being exploited by SVR are CVE-2018-13379 Fortinet FortiGate VPN, CVE-2019-9670 Synacor Zimbra Collaboration Suite, CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN, CVE-2019-19781 Citrix Application Delivery Controller and Gateway, and CVE-2020-4006 VMware Workspace ONE Ac