SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: U.S. warns of exploitation of well-known vulnerabilities
Description: The U.S. Cybersecurity and Infrastructure Security Agency released a warning this week that state-sponsored actors are targeting several well-known vulnerabilities disclosed over the past year. Among them are vulnerabilities in the Pulse and Citrix VPN services that could allow an attacker to carry out directory-traversal attacks and infiltrate a victim's network via the VPN. These same actors are also spreading several malware families through spear-phishing campaigns. Users in the public and private sectors are asked to update these affected products as soon as possible, including F5 BIG-IP, Pulse Secure VPN, Citrix VPN and Microsoft Exchange servers.
Snort SIDs: 55637 - 55640
Title: Google Chrome PDFium memory corruption to lead to code execution
Description: Google Chrome's PDFium feature could be exploited by an adversary to corrupt memory and potentially execute remote code. PDFium allows users to open PDFs inside Chrome. Cisco Talos researchers recently discovered a bug that would allow an adversary to send a malicious web page to a user, and then cause out-of-bounds memory access. To trigger this vulnerability, the victim must visit a malicious webpage or open a malicious PDF document.
Snort SIDs: 54282, 54283