A New Threat Actor is Exploiting Pulse Secure VPN and SolarWinds Orion Vulnerabilities to Install Credential-Stealing Malware
Prometei botnet hackers are exploiting Exchange flaws, Hackers use ToxicEye RAT to hack Telegram, Threat actors exploiting new Trend Micro bug, 18 new C&C servers used by SolarWinds hackers found, more
Plug: Check out my latest column on the Biden administration’s 100-day push for better electric sector cybersecurity.
The Cybersecurity and Infrastructure Security Agency (CISA) warns that a new threat actor, aside from Russia, is exploiting a vulnerability in Pulse Secure’s virtual private network (VPN) appliance, moving laterally to the victim's SolarWinds Orion server, installing malware that security researchers refer to as SUPERNOVA (a .NET webshell), and stealing credentials.
CISA issued a warning earlier this week about FireEye's discovery that a hacking group linked to the Chinese government uses vulnerabilities in the VPN to target defense industrial base contractors and entities in Europe. (Justin Katz / FCW)
Related: CISO MAG, SensorsTechForum, Cyber News Group, DataBreaches.net, CISA.gov, Dark Reading: Attacks/Breaches, MSSP Alert, The Register - Security, Cyberdefense Magazine, CRN, HealthITSecurity, Talos Intel, SecurityWeek, Help Net Security, The Hill, TechTarget, Computing.c…