CyberSec Roundup
A synopsis of the Latest Cybersecurity News
CISA Issues directive for unpatched PCS devices
Pulse Connect Secure VPN devices are being exploited with a zero-day vulnerability, according to a report by the cybersecurity firm FireEye. As many organizations in the US have been affected, the US Cybersecurity and Infrastructure Security Agency has ordered federal agencies to ensure their devices are patched and to monitor their networks for any signs they may be compromised. Chinese state-sponsored APT groups are suspected to be behind these attacks, the vulnerability is CVE-2021-22893.
Sonic Firewall ES Vulnerability
FireEye has also discovered more zero-day vulnerabilities in SonicWall’s Email Security product. The company has released patches for these vulnerabilities and is urging customers to apply them. Attackers can exploit the vulnerability to launch web shells, the vulnerabilities are CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023.
Geico Hacked
Geico, the 2nd largest car insurance company in the US disclosed that they suffered a data breach on their online sales portal, which led to the attackers gaining access to driver’s license numbers of their customers. Geico suspects the attackers will use the stolen information for fraud purposes, so customers need to be on alert.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker