The US Government’s investigation into possible compromises accomplished through vulnerabilities in Pulse Secure VPN software is expanding. CNN reports that at least five Federal agencies appear to have been affected. This represents the third major software supply chain compromise that’s come to light in 2021, the Voice of America notes.
Microsoft yesterday announced a set of memory allocation vulnerabilities they're tracking as "BadAlloc." The vulnerabilities affect IoT and OT devices, and they could be exploited either for remote code execution or to induce system crashes. CISA has also published mitigation advice for BadAlloc.
The disclosure of BadAlloc should lend some urgency to the OT security advice NSA gave the Defense Industrial Base in yesterday's Advisory. That advice was prompted by the SolarWinds compromise, but the concerns are broadly applicable to OT operators.
Kaspersky says it’s detected Purple Lambert malware in a number of networks. iTWire reports that this malware family has been associated with the CIA, but the evidence is ambiguous, with some observers pointing out that the malware may have been staged by rival foreign intelligence services.
FireEye warned yesterday that it's observed "an aggressive financially motivated group, UNC2447, exploiting one SonicWall VPN zero-day vulnerability." The company reckons the threat a serious one, with evidence of tool-sharing by criminal groups.
Recorded Future detects a criminal market for deepfakes.
The United Nations International Computing Centre says that, with the help of Group-IB, it’s taken down a scam campaign that since April 7th has been impersonating the World Health Organization.