SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: U.S. blames Russian state-sponsored actors for exploiting vulnerabilities
Description: The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Services (SVR) is exploiting in the wild. The U.S. formally attributed the recent SolarWinds supply chain attack to the SVR group in this advisory and detailed more of the group's tactics, techniques and procedures. The exploits included a series of five CVEs that affect VPN solutions, collaboration suite software and virtualization technologies. All five of the CVEs have been patched, and Cisco Talos encourages everyone with the affected software to update immediately. Some of these vulnerabilities also have working Metasploit modules and are currently being widely exploited. Please note that some of these vulnerabilities exploit applications leveraging SSL.
Snort SIDs: 49898, 52512, 52513, 52603, 52620, 52662, 51370 - 51372, 51288 - 51390
Title: Google Chrome V8 engine exploited in the wild
Snort SIDs: 57420 - 57424