Expert Comments

NSA Warns Chinese State-sponsored Actors Are Exploiting Known Vulns – Security Expert Perspective

Expert(s): Security Experts
Expert(s): Security Experts

Today, the NSA issued the Cybersecurity Advisory “Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities” – a list of 25 known vulnerabilities that it warns are currently being exploited actively “against networks of interest that hold sensitive intellectual property, economic, political, and military information. Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and mitigation efforts.

Experts Comments

October 21, 2020
Jayant Shukla
CTO and co-founder
K2 Cyber Security
The new list of top 25 vulnerabilities being exploited by Chinese hacking is a great reminder that the easiest protection against cyber attacks is keeping your operating systems, applications, devices, and software patched and up to date. For organizations that can’t keep up to date or don’t have the resources to keep their software up to date, they should look into virtual patching solutions that protect the application, like the ones offered by RASP (Runtime Application Self-Protection).....Read More
The new list of top 25 vulnerabilities being exploited by Chinese hacking is a great reminder that the easiest protection against cyber attacks is keeping your operating systems, applications, devices, and software patched and up to date. For organizations that can’t keep up to date or don’t have the resources to keep their software up to date, they should look into virtual patching solutions that protect the application, like the ones offered by RASP (Runtime Application Self-Protection) solutions, which are now mandated by the latest version of the NIST SP800-53 Revision 5 Security and Privacy Framework. RASP solutions also protect the organization against new and unpatched vulnerabilities.  Read Less
October 21, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
We definitely saw an increase in this situation last year and it’s ongoing. They’re trying to collect intellectual property data. Chinese attackers could be nation state, could be a company or group of companies, or just a group of threat actors or an individual trying to get proprietary information to utilize and build competitive companies... in other words, to steal and use for their own gain. I’m glad that the NSA has issued this. Publishing this report reinforces the work that.....Read More
We definitely saw an increase in this situation last year and it’s ongoing. They’re trying to collect intellectual property data. Chinese attackers could be nation state, could be a company or group of companies, or just a group of threat actors or an individual trying to get proprietary information to utilize and build competitive companies... in other words, to steal and use for their own gain. I’m glad that the NSA has issued this. Publishing this report reinforces the work that companies need to do to secure their intellectual property, and pushes them to make the patches and maintenance they need to do. It’s disappointing to see the NSA refer to threat actors as hackers. I hope this changes. Many in the hacking community are legitimate security researchers who alert companies to vulnerabilities in order to secure – not steal – their intellectual property. Many other agencies and Federal entities (such as the Department of Defense) collaborate closely with the hacking community and their vulnerability disclosure programs define the research scope, contact processes, etc. – to help ensure that vulnerabilities are identified and addressed before threat actors can move on them.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

The Changing Face Of The COO Role

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Utah Imaging Data Breach – Expert Comments

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts