Warning from NSA, FBI: Beware of these 20 software bugs most used by hackers
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have listed the top 20 software bugs that Chinese state-sponsored hackers have used to penetrate networks since 2020.
The advisory emphasized that China-backed hackers actively target not only the networks of the US government and its allies but also software and hardware companies in the supply chain to steal intellectual property and access sensitive networks. These hackers pose an active threat to the IT and telecommunications sector, defense industry facilities, and critical infrastructure owners and operators.
“NSA, CISA and FBI continue to evaluate [People’s Republic of China] state-sponsored cyber operations,” the agencies said, noting that these operations represent one of the largest and most dynamic threats to US government and civilian networks.
CISA disclosed this week that a number of state-backed attack groups were active on a defense industry organization’s enterprise network after gaining access through its Microsoft Exchange Server infrastructure from around mid-January 2021. Exchange Server is currently under attack through newly discovered vulnerabilities similar to last year’s ProxyShell.
Among the top 20 bugs used by Chinese-backed hackers are four Microsoft Exchange Server bugs: CVE-2021-26855, a remote code execution bug, as well as CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. These are all part of the Exchange Server ProxyLogon pre-authentication vulnerability chain disclosed in 2021.
In July, Microsoft warned that these bugs were being used in combination with malware tailored for networks that use Microsoft’s Internet Information Services (IIS) web server to host Outlook on the web.
Other commonly used bugs include the Apache Log4j Log4Shell bug and bugs in the GitLab code-hosting platform, F5’s networking appliances, VPN endpoints, and popular server products from VMware, Cisco, and Citrix.
All of these bugs are publicly known and pose a risk to organizations that have not applied the available software updates.
The GitLab and Atlassian Confluence bugs are prominent examples of hackers targeting IT operations and developer tools.
CISA notes: “These state-sponsored actors continue to use virtual private networks (VPNs) to obfuscate their activities and target web-based applications to establish initial access.”
“Many of the ‘top 20’ vulnerabilities allow the actors to surreptitiously gain unauthorized access to sensitive networks, after which they seek to establish persistence and move laterally to other internally connected networks,” it added.
The agencies recommend patching systems, using multi-factor authentication, disabling unused protocols at the network edge, removing end-of-life devices, adopting a zero-trust model for users, devices and applications, and enabling logging on internet-facing systems.
The top vulnerabilities exploited since 2020 are listed in the table below.
| Vendor | CVE | Vulnerability type |
| --- | --- | --- |
| Apache Log4j | CVE-2021-44228 | Remote code execution |
| Pulse Connect Secure | CVE-2019-11510 | Arbitrary file read |
| GitLab CE/EE | CVE-2021-22205 | Remote code execution |
| Atlassian | CVE-2022-26134 | Remote code execution |
| Microsoft Exchange | CVE-2021-26855 | Remote code execution |
| F5 Big-IP | CVE-2020-5902 | Remote code execution |
| VMware vCenter Server | CVE-2021-22005 | Arbitrary file upload |
| Citrix ADC | CVE-2019-19781 | Path traversal |
| Cisco Hyperflex | CVE-2021-1497 | Command line execution |
| Buffalo WSR | CVE-2021-20090 | Relative path traversal |
| Atlassian Confluence Server and Data Center | CVE-2021-26084 | Remote code execution |
| Hikvision web server | CVE-2021-36260 | Command injection |
| Sitecore XP | CVE-2021-42237 | Remote code execution |
| F5 Big-IP | CVE-2022-1388 | Remote code execution |
| Apache | CVE-2022-24112 | Authentication bypass by spoofing |
| ZOHO | CVE-2021-40539 | Remote code execution |
| Microsoft | CVE-2021-26857 | Remote code execution |
| Microsoft | CVE-2021-26858 | Remote code execution |
| Microsoft | CVE-2021-27065 | Remote code execution |
| Apache HTTP Server | CVE-2021-41773 | Path traversal |