The Russian Foreign Intelligence Service is exploiting five vulnerabilities in attacks against U.S. organizations and interests. The NSA is advising all organizations to immediately patch vulnerable devices to protect against cyberattacks that lead to data theft, banking fraud, and ransomware attacks. All admins “urgently implement associated mitigations”” for these vulnerabilities to prevent further attacks by the Russian SVR and other threat actors. The Russian SV is exploiting vulnerabilities against public-facing services to obtain authentication credentials to further compromise the networks of US corporate and government networks.”
Source: https://www.bleepingcomputer.com/news/security/nsa-top-5-vulnerabilities-actively-abused-by-russian-govt-hackers/