{"id":26848,"date":"2022-10-09T00:30:00","date_gmt":"2022-10-08T22:30:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=26848"},"modified":"2022-10-08T15:58:30","modified_gmt":"2022-10-08T13:58:30","slug":"us-behrden-verffentlichen-die-top-20-der-durch-chinas-staatshacker-ausgenutzten-schwachstellen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/10\/09\/us-behrden-verffentlichen-die-top-20-der-durch-chinas-staatshacker-ausgenutzten-schwachstellen\/","title":{"rendered":"U.S. authorities publish top 20 vulnerabilities exploited by China's state hackers"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/?p=273673\" target=\"_blank\" rel=\"noopener\">German<\/a>]In a joint Cybersecurity Advisory (CSA), the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a list of key vulnerabilities (CVEs) exploited by state-sponsored cyber actors in the People's Republic of China (PRC) since 2020.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg05.met.vgwort.de\/na\/eed9e8c2abcf4a5f98de1347884d5e14\" alt=\"\" width=\"1\" height=\"1\" \/>According to this <a href=\"https:\/\/media.defense.gov\/2022\/Oct\/06\/2003092365\/-1\/-1\/0\/Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_.PDF\" target=\"_blank\" rel=\"noopener\">Cybersecurity Advisory<\/a> (PDF), PRC state-sponsored cyber actors continue to exploit vulnerabilities already known &#8211; and actually closed through security updates &#8211; to actively access U.S. and allied networks and software and hardware companies. 
The goal is to steal intellectual property and gain access to sensitive networks.<\/p>\n<p><a href=\"https:\/\/twitter.com\/campuscodi\/status\/1578109267961212928\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Top 20 vulnerabilities misused by state sponsored chinese hackers\" src=\"https:\/\/i.imgur.com\/WYSeH85.png\" alt=\"Top 20 vulnerabilities misused by state sponsored chinese hackers\" \/><\/a><\/p>\n<p>Catalin Cimpanu listed these top 20 exploited vulnerabilities in the above <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1578109267961212928\" target=\"_blank\" rel=\"noopener\">tweet<\/a>. All the CVEs mentioned in the advisory are publicly known. The main recommended remediation is to fix these and other known vulnerabilities through updates. The published <a href=\"https:\/\/media.defense.gov\/2022\/Oct\/06\/2003092365\/-1\/-1\/0\/Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_.PDF\" target=\"_blank\" rel=\"noopener\">PDF report<\/a> highlights how PRC cyber actors continue to exploit these vulnerabilities to gain unauthorized access to sensitive networks, establish themselves, and move laterally into other internally connected networks.<\/p>\n<p>Actors are targeting government and critical infrastructure networks with an increasing number of new and adaptable techniques, according to the report. Some of these techniques pose significant risk to information technology sector organizations (including telecommunications providers), defense industrial base (DIB) organizations, and other critical infrastructure organizations.<\/p>\n<p>This joint Cybersecurity Advisory (CSA) draws on previous reports by NSA, CISA, and the FBI to brief U.S. 
federal and state, local, tribal, and territorial governments (SLTT), critical infrastructure (including defense industrial sector), and private sector organizations on notable trends and persistent tactics, techniques, and procedures (TTPs).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]In a joint Cybersecurity Advisory (CSA), the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a list of key vulnerabilities (CVEs) exploited by state-sponsored cyber actors in the People's Republic &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/10\/09\/us-behrden-verffentlichen-die-top-20-der-durch-chinas-staatshacker-ausgenutzten-schwachstellen\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-26848","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=26848"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/26848\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=26848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=26848"},{"taxonomy":"post_tag","embedd
able":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=26848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}