
Weekly threat roundup: Google Chrome, Pulse Secure, Telegram

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including a summary of each exploit mechanism and whether the vulnerability is being exploited in the wild, to give teams a sense of which bugs and flaws pose the most dangerous immediate security risks.

Businesses hacked through SonicWall’s Email Security flaws

Researchers have found evidence that hackers have exploited three severe zero-day vulnerabilities in SonicWall’s Email Security platform to breach the network of an unidentified business.

Cyber criminals are said to have chained three flaws, CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023, to install a backdoor, access files and emails, and move laterally through the victim’s organisation. These vulnerabilities were first discovered in March 2021, and a hotfix was made available for the first two flaws on 9 April 2021. SonicWall then released a fix for the final vulnerability this week, before disclosing details of the exploitation.

Hackers exploit Pulse Secure VPN flaws

Two major hacking groups have deployed a dozen malware families to compromise US and European organisations by exploiting vulnerabilities in Pulse Secure’s VPN platform.

Tracked as CVE-2021-22893, the critical remote code execution flaw in Pulse Connect Secure is rated a maximum of ten on the threat severity scale. It was chained with other previously known flaws in Pulse Secure products to infiltrate a series of organisations, including those in the US defence sector. An alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) confirmed multiple government agencies and critical organisations in the US were breached.

Ivanti, Pulse Secure’s parent company, has released a number of mitigations, although a full patch won’t be available until next month. The purpose of the hack, and its scale, isn’t fully clear, although FireEye researchers have linked the attack to Chinese state-backed groups.

Telegram used to remotely control ToxicEye malware 

Hackers are using the Telegram instant messaging app to remotely control and distribute several malware families, including ToxicEye.

Researchers with Check Point Research (CPR) have so far found evidence of more than 130 cyber attacks involving ToxicEye that were managed through Telegram. Telegram-based malware is a growing trend and coincides with the app’s increasing popularity.

This approach allows hackers to send malicious commands and operations through the app, even if Telegram isn’t installed or being used by the victim. Attackers simply begin the process by creating a Telegram account and a dedicated bot. They then execute commands to spread the malware through spam campaigns as well as through email attachments.

Benefits of using Telegram include the fact it’s a legitimate and easy-to-use app that isn’t blocked by any enterprise security software or network management tools. Anonymity also means that attackers are difficult to identify, given you only need a phone number to create an account. Unique features in Telegram also mean attackers can easily exfiltrate data from victims’ PCs and transfer new malicious files to infected machines.
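Because bot-driven traffic rides on a legitimate service, the practical defensive handle is the proxy log rather than a block list. The following is an added example (not from the article or from Check Point's research) that walks constructed proxy log lines and flags workstations calling the Telegram Bot API; it relies on the fact that Bot API requests go to api.telegram.org with the bot token embedded in the URL path as /bot<bot_id>:<secret>/<method>, which is how the public Bot API is addressed.

```python
import re
from collections import defaultdict

# Telegram's Bot API is reached at api.telegram.org with the bot token in the
# URL path: /bot<bot_id>:<secret>/<method>. Ordinary Telegram clients do not
# use these paths, so a workstation talking to them is worth a closer look.
BOT_API_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")

# Methods a bot-controlled implant would lean on: polling for operator
# commands, and pushing text or files back out of the network.
POLL_METHOD = "getUpdates"
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Constructed proxy log lines (not real traffic): "<src_ip> <host> <path>"
SAMPLE_PROXY_LOG = """\
10.0.0.15 api.telegram.org /bot123456789:AAexampleTokenValue_abc/getUpdates
10.0.0.15 api.telegram.org /bot123456789:AAexampleTokenValue_abc/sendDocument
10.0.0.22 www.example.com /index.html
10.0.0.31 api.telegram.org /bot987654321:BBanotherToken-xyz/getUpdates
10.0.0.40 api.telegram.org /getMe
"""


def find_bot_api_activity(log_text):
    """Return {src_ip: {"bot_ids": set, "methods": set}} for every source
    that called the Bot API. The secret half of the token is not retained."""
    hits = defaultdict(lambda: {"bot_ids": set(), "methods": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, host, path = line.split()[:3]
        if host != "api.telegram.org":
            continue
        m = BOT_API_PATH.match(path)
        if not m:
            continue  # not a bot endpoint (e.g. /getMe without a token)
        bot_id, _secret, method = m.groups()
        hits[src]["bot_ids"].add(bot_id)
        hits[src]["methods"].add(method)
    return dict(hits)


def suspected_c2(hits):
    """Sources that both poll for commands and send data back: the
    command-and-control pattern, not a one-off notification bot."""
    return sorted(src for src, h in hits.items()
                  if POLL_METHOD in h["methods"] and h["methods"] & EXFIL_METHODS)


if __name__ == "__main__":
    activity = find_bot_api_activity(SAMPLE_PROXY_LOG)
    for src in suspected_c2(activity):
        print(src, sorted(activity[src]["methods"]))
```

In a real deployment the host and path fields come from your proxy or DNS/TLS SNI logs, and any hit from a machine without an approved Telegram integration warrants triage.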

Google fixes another actively exploited Chrome bug

Google patched seven vulnerabilities this week including another zero-day flaw that has been actively exploited, adding to a growing list of flaws in the web browser that hackers have hijacked this year.

Tracked as CVE-2021-21224, this vulnerability was described as "type confusion in V8", although the precise attack mechanism or the consequences of successful exploitation weren’t disclosed. This bug follows two more Google Chrome flaws that were patched in recent months, including CVE-2021-21220 and CVE-2021-21166, both described as memory corruption bugs.
