The Register: US and UK govts warn: Russia scanning for your unpatched vulnerabilities

Source URL: https://www.theregister.com/2024/10/12/russia_is_targeting_you_for/
Source: The Register
Title: US and UK govts warn: Russia scanning for your unpatched vulnerabilities

Feedly Summary: Also, phishing’s easier over the phone, and your F5 cookies might be unencrypted, and more
in brief If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick.…

AI Summary and Description: Yes

**Summary:** The text covers several recent cybersecurity developments: a joint US and UK advisory about a Russian state campaign exploiting known, unpatched vulnerabilities; the growth of telephone-oriented attack delivery (TOAD) scams; a CISA warning about unencrypted F5 BIG-IP persistence cookies; critical GitLab patches, including a flaw that allows running CI/CD pipelines on arbitrary branches; and a Google-led anti-scam data-sharing initiative. Together these items underline the need for organizations to patch promptly, harden exposed services, and train staff against social engineering.

**Detailed Description:**
The provided text covers a multitude of recent cybersecurity issues that are highly relevant to professionals in the fields of security, privacy, and compliance. Key points include:

– **Russian Cyber Campaign Advisory:**
– A joint advisory from US and UK cybersecurity authorities warns of an ongoing campaign by APT29 (the Russian Foreign Intelligence Service, SVR, also tracked as Cozy Bear), the group behind the SolarWinds supply-chain compromise.
– The operatives are scanning for and exploiting publicly known vulnerabilities at scale, so unpatched internet-facing systems are the primary exposure the advisory asks organizations to close.
– The advisory lists 24 CVEs exploited by the group, including:
– **CVE-2023-20198:** a privilege escalation flaw in the web UI of Cisco IOS XE.
– **CVE-2023-42793:** an authentication bypass in JetBrains TeamCity that leads to remote code execution on the build server.
– Recommended mitigations include:
– Reducing the attack surface by closing unnecessary open ports and removing default credentials.
– Disabling internet-accessible services wherever possible.
– Baselining device configurations so that unexpected changes stand out.

– **Increase in Phone-Assisted Phishing Scams:**
– “Telephone-oriented attack delivery” (TOAD) is an increasingly common tactic in which a lure (typically an email or invoice) persuades the target to call a number staffed by the attacker, exploiting the trust people place in a live phone conversation to push them toward installing malware or handing over credentials.
– Research indicates a rise in underground offers for illicit call-center services that support malware delivery and fraudulent calls.
– Organizations are urged to train employees to recognize and report these scams, in particular unsolicited requests to call back a number supplied by the message itself.

– **F5 BIG-IP Persistent Cookie Security:**
– CISA warns that unencrypted persistence cookies set by the BIG-IP Local Traffic Manager (LTM) module are being abused by threat actors: the cookie value encodes the internal IP address and port of the back-end pool member, which lets an attacker enumerate non-internet-facing hosts behind the load balancer.
– It recommends configuring cookie encryption on the affected persistence profiles and using F5’s BIG-IP iHealth diagnostic tool to identify systems that still issue unencrypted cookies.
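To make the leak concrete, the following is an added example (not code from the article, CISA, or F5) that decodes the unencrypted BIG-IP persistence cookie formats and shows what an attacker recovers from a handful of `Set-Cookie` headers. The cookie names, values and the encoding rules are taken from F5’s public description of the `BIGipServer` cookie as recalled here; the sample headers are constructed, and the tmsh mitigation command in the comment is an assumption to be verified against your BIG-IP version’s documentation.

```python
"""Decode unencrypted BIG-IP persistence cookies (added example, not F5's code).

Encoding rules as recalled from F5's cookie-persistence documentation (verify against the KB):
  IPv4, default route domain : "<ip as little-endian decimal>.<port with bytes swapped>.0000"
  IPv4, other route domain   : "rd<N>o00000000000000000000ffff<ip hex>o<port decimal>"
  IPv6                       : "vi<32 hex chars>.<port with bytes swapped>"
An encrypted cookie is an opaque blob and matches none of these.

Mitigation (assumed tmsh syntax, verify before use):
  tmsh modify ltm persistence cookie <profile> cookie-encryption required \
       cookie-encryption-passphrase <secret>
"""
import ipaddress
import re
from typing import List, Optional, Tuple

COOKIE_PREFIX = "BIGipServer"


def _swap_port(encoded: int) -> int:
    """BIG-IP stores the 16-bit port with its two bytes swapped (8080 -> 36895)."""
    return ((encoded & 0xFF) << 8) | (encoded >> 8)


def decode_bigip_cookie(value: str) -> Optional[Tuple[str, int]]:
    """Return (backend_ip, backend_port) for an unencrypted cookie value, else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.0000", value)
    if m:
        ip_int, port_enc = int(m.group(1)), int(m.group(2))
        if ip_int > 0xFFFFFFFF or port_enc > 0xFFFF:
            return None
        # Octets are stored least-significant first: a.b.c.d -> d<<24 | c<<16 | b<<8 | a
        octets = [(ip_int >> shift) & 0xFF for shift in (0, 8, 16, 24)]
        return ".".join(str(o) for o in octets), _swap_port(port_enc)

    m = re.fullmatch(r"rd(\d+)o0{20}ffff([0-9a-fA-F]{8})o(\d+)", value)
    if m:
        # IPv4-mapped IPv6 hex (::ffff:a.b.c.d) followed by a plain decimal port
        return str(ipaddress.IPv4Address(int(m.group(2), 16))), int(m.group(3))

    m = re.fullmatch(r"vi([0-9a-fA-F]{32})\.(\d+)", value)
    if m:
        port_enc = int(m.group(2))
        if port_enc > 0xFFFF:
            return None
        return str(ipaddress.IPv6Address(int(m.group(1), 16))), _swap_port(port_enc)

    return None  # encrypted or unrecognised: nothing to enumerate


# Constructed Set-Cookie headers standing in for responses from a BIG-IP-fronted site.
SAMPLE_SET_COOKIE_HEADERS = [
    "BIGipServerpool_web=1677787402.36895.0000; path=/",
    "BIGipServerpool_v6=vi20010db8000000000000000000000010.20480; path=/",
    "BIGipServerpool_rd=rd2o00000000000000000000ffff0a140a05o8443; path=/",
    "BIGipServerpool_enc=!3b4f9aZ+encryptedblob==; path=/",  # encrypted: decodes to nothing
    "session=deadbeef; HttpOnly",  # unrelated application cookie
]


def enumerate_backends(set_cookie_headers: List[str]) -> List[Tuple[str, str, int]]:
    """Extract (pool_name, backend_ip, backend_port) from every decodable BIGipServer cookie."""
    found = []
    for header in set_cookie_headers:
        name, _, value = header.split(";", 1)[0].partition("=")
        if not name.startswith(COOKIE_PREFIX):
            continue
        decoded = decode_bigip_cookie(value.strip())
        if decoded is not None:
            found.append((name[len(COOKIE_PREFIX):], decoded[0], decoded[1]))
    return found


if __name__ == "__main__":
    for pool, ip, port in enumerate_backends(SAMPLE_SET_COOKIE_HEADERS):
        print(f"pool {pool}: back-end {ip}:{port}")
```

Three of the four `BIGipServer` cookies give up an internal address and port; the encrypted one yields nothing, which is the whole point of CISA’s recommendation. Run the decoder against your own site’s responses to confirm that every persistence cookie it issues is opaque.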

– **GitLab Security Updates:**
– GitLab issued critical patch releases for its Community and Enterprise editions to address multiple vulnerabilities, the most serious being CVE-2024-9164, which allows an attacker to run CI/CD pipelines on arbitrary branches of a repository in GitLab EE.
– Users are encouraged to upgrade promptly and to subscribe to GitLab’s security release notifications.
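Deciding whether an instance still needs the upgrade is a version-range check. The following added example (not GitLab’s own code) performs that check. The affected ranges it carries are those GitLab published for CVE-2024-9164 in the 2024-10-09 patch release as recalled here (12.5 up to but excluding 17.2.9, 17.3 up to 17.3.5, 17.4 up to 17.4.2, EE only); verify them against the advisory before relying on the result, and the sample version strings are constructed.

```python
"""Check a GitLab version string against the CVE-2024-9164 affected ranges.

Added example, not GitLab's code. Ranges are (first affected, first fixed) per release line,
as recalled from GitLab's 2024-10-09 patch release advisory; verify before use.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# CVE-2024-9164 affected only GitLab EE; CE instances running the same version numbers
# still receive the other fixes in the patch release.
CVE_2024_9164_RANGES: List[Tuple[Version, Version]] = [
    ((12, 5, 0), (17, 2, 9)),
    ((17, 3, 0), (17, 3, 5)),
    ((17, 4, 0), (17, 4, 2)),
]


def parse_version(text: str) -> Tuple[Version, str]:
    """Parse '17.4.1-ee' -> ((17, 4, 1), 'ee'); the edition suffix is optional."""
    core, _, suffix = text.strip().partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2])), suffix.lower()


def assess(version_text: str) -> Tuple[bool, Optional[str]]:
    """Return (vulnerable, minimum fixed version on the same release line or None).

    A version below every affected line is reported as not vulnerable but with no
    fixed version, because it is out of the advisory's scope rather than patched.
    """
    version, edition = parse_version(version_text)
    if edition == "ce":
        return False, None  # CVE-2024-9164 is an EE-only issue
    for first_affected, first_fixed in CVE_2024_9164_RANGES:
        if first_affected <= version < first_fixed:
            return True, ".".join(str(n) for n in first_fixed)
    return False, None


# Constructed version strings as `gitlab-rake gitlab:env:info` might report them.
SAMPLE_VERSIONS = ["17.4.1-ee", "17.3.5-ee", "17.2.8-ee", "17.4.1-ce", "16.11.0-ee", "12.4.0-ee"]

if __name__ == "__main__":
    for v in SAMPLE_VERSIONS:
        vulnerable, fixed_in = assess(v)
        status = f"VULNERABLE, upgrade to >= {fixed_in}" if vulnerable else "not affected"
        print(f"{v:>12}: {status}")
```

Note that 16.11.0 is reported as vulnerable with 17.2.9 as the target: GitLab’s advisory covers every version from 12.5 on the oldest supported line, so instances on end-of-life minors have to move to a maintained line rather than expecting a backported fix.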

– **Google-led Anti-Scam Initiative:**
– Google, in collaboration with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation (DNSRF), has launched the Global Signal Exchange, a shared platform for identifying and disrupting online scams.
– The initiative pools scam and fraud signals from its partners, including data from Google’s own programs, so that participants can track and profile scam infrastructure more quickly than each could alone.

These points reflect the current landscape of security threats and responses, underscoring the necessity for organizations to maintain robust cyber defenses, stay proactive about patching, and educate their personnel on emerging threats. These insights are essential for security professionals aiming to enhance compliance and operational resilience against evolving cyber threats.