Expert Comments

NSA Warns Chinese State-sponsored Actors Are Exploiting Known Vulns – Security Expert Perspective

Expert(s): Security Experts
Expert(s): Security Experts

Today, the NSA issued the Cybersecurity Advisory “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities” – a list of 25 known vulnerabilities that it warns are currently being exploited actively “against networks of interest that hold sensitive intellectual property, economic, political, and military information. Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and mitigation efforts.

Experts Comments

Dot Your Expert Comments
Jayant Shukla
October 21, 2020
CTO and co-founder
K2 Cyber Security

RASP solutions also protect the organization against new and unpatched vulnerabilities.
The new list of top 25 vulnerabilities being exploited by Chinese hacking is a great reminder that the easiest protection against cyber attacks is keeping your operating systems, applications, devices, and software patched and up to date. For organizations that can’t keep up to date or don’t have the resources to keep their software up to date, they should look into virtual patching solutions that protect the application, like the ones offered by RASP (Runtime Application Self-Protection).....Read More
The new list of top 25 vulnerabilities being exploited by Chinese hacking is a great reminder that the easiest protection against cyber attacks is keeping your operating systems, applications, devices, and software patched and up to date. For organizations that can’t keep up to date or don’t have the resources to keep their software up to date, they should look into virtual patching solutions that protect the application, like the ones offered by RASP (Runtime Application Self-Protection) solutions, which are now mandated by the latest version of the NIST SP800-53 Revision 5 Security and Privacy Framework. RASP solutions also protect the organization against new and unpatched vulnerabilities.  Read Less
Chloé Messdaghi
October 21, 2020
VP of Strategy
Point3 Security

It’s disappointing to see the NSA refer to threat actors as hackers. I hope this changes.
We definitely saw an increase in this situation last year and it’s ongoing. They’re trying to collect intellectual property data. Chinese attackers could be nation state, could be a company or group of companies, or just a group of threat actors or an individual trying to get proprietary information to utilize and build competitive companies... in other words, to steal and use for their own gain. I’m glad that the NSA has issued this. Publishing this report reinforces the work that.....Read More
We definitely saw an increase in this situation last year and it’s ongoing. They’re trying to collect intellectual property data. Chinese attackers could be nation state, could be a company or group of companies, or just a group of threat actors or an individual trying to get proprietary information to utilize and build competitive companies... in other words, to steal and use for their own gain. I’m glad that the NSA has issued this. Publishing this report reinforces the work that companies need to do to secure their intellectual property, and pushes them to make the patches and maintenance they need to do. It’s disappointing to see the NSA refer to threat actors as hackers. I hope this changes. Many in the hacking community are legitimate security researchers who alert companies to vulnerabilities in order to secure – not steal – their intellectual property. Many other agencies and Federal entities (such as the Department of Defense) collaborate closely with the hacking community and their vulnerability disclosure programs define the research scope, contact processes, etc. – to help ensure that vulnerabilities are identified and addressed before threat actors can move on them.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

UK Minister Raab Wakes Up to Aggressive Cyber-Attacks Targeting British...

~200K US Military Vets’ Medical Records Leaked by 3rd Pty...

Experts Responses on Verizon DBiR Findings

Expert Reaction On Researcher Proves AirTags Can Be Hacked

Babuk Ransomware Gang Again Threatens DC Police Data Release

UK Home Secretary Warns Not To Pay Out To Ransomware...

U.S. Issues Ransomware Advice For Critical Infrastructure

Android Banking Trojan- Experts Insight

TeaBot Android Bank Trojan Steals EU User Credentials

NCSC Active Cyber Defence Fourth Year Report