SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: U.S. blames Russian state-sponsored actors for exploiting vulnerabilities
Description: The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Service (SVR) is exploiting in the wild. In this advisory, the U.S. formally attributed the recent SolarWinds supply chain attack to the SVR and detailed more of the group's tactics, techniques and procedures. The exploits target a series of five CVEs that affect VPN solutions, collaboration suite software and virtualization technologies. All five of the CVEs have been patched — Cisco Talos encourages everyone with the affected software to update immediately. Some of these vulnerabilities also have working Metasploit modules and are currently being widely exploited. Please note that some of these vulnerabilities are exploited in applications leveraging SSL.
Reference: https://blog.talosintelligence.com/2021/04/nsa-svr-coverage.html
Snort SIDs: 49898, 52512, 52513, 52603, 52620, 52662, 51370 - 51372, 51288 - 51390
Title: Google Chrome V8 engine exploited in the wild
Description: Google issued multiple updates to its Chrome web browser last week after researchers discovered multiple zero-day vulnerabilities in its V8 engine. The company stated in an update that exploits for vulnerabilities in V8 and in Chrome's rendering engine, Blink, exist in the wild. According to proof-of-concept code posted by a security researcher, an attacker could use an HTML and JavaScript file to launch the calculator app on Windows 10 when it is loaded into a Chromium-based browser. However, the vulnerabilities have broader implications, including other types of code execution.
Reference: https://www.techradar.com/news/google-scrambles-to-fix-another-round-of-chrome-vulnerabilities
Snort SIDs: 57420 - 57424