SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Attackers exploiting multiple critical vulnerabilities in Pulse Secure VPN service
Description: In a recent security advisory, Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in its VPN service "Pulse Secure Connect." The advisory states that "a vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a critical CVSS score and poses a significant risk to your deployment." The company released a blog post alongside this advisory disclosing that the vulnerability has been exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency also released an alert warning of these vulnerabilities. In the alert, CISA notes that networks belonging to multiple government agencies, critical infrastructure entities and private sector organizations have been compromised going as far back as June 2020.
Snort SIDs: 51288, 51289, 51390, 57452 - 57459 and 57461 - 57468
Title: Targets still seeing a rise in COVID-19-themed malware campaigns
Description: A new report indicates that the number of malware campaigns using COVID-19-themed lures continues to rise, even more than a year after the pandemic took hold in the U.S. New data shows that COVID-related cyber attack detections rose by 240 percent in the third quarter of 2020 and 114 percent in Q4. Many attackers relied on privilege escalation techniques to spread ransomware and other threats off the backs of these campaigns. Some used PowerShell, while others relied on remote access trojans like Remcos. Several state-sponsored actors have also been involved in these attacks.
Snort SIDs: 57431