System updates urgent amid exploitation by nation-state attackers

An actively exploited zero-day vulnerability in Pulse Connect Secure VPN appliances has been patched together with another pair of newly disclosed critical flaws.

Organizations that use Connect Secure, described by parent company Ivanti as the most widely used SSL VPN, were urged to update their systems immediately in a security advisory dropped yesterday (May 3).

The former zero-day bug, which can lead to remote code execution (RCE) and has a maximum CVSS score of 10, was first disclosed on April 20 along with suggested mitigations.

The advice arrived amid reports of widespread, in-the-wild exploitation by suspected state-backed threat actors.

The attackers, believed to include a group – ‘UNC2630’ – linked to APT5 and the Chinese government, have also targeted three Connect Secure vulnerabilities patched in 20: CVE-2019-11510, CVE-2020-8243, and CVE-2020-8260.

Ivanti CSO Phil Richards said malicious activity had been “identified on a very limited number of customer systems”.

In a lengthy technical write-up analyzing the deployment of 12 malware families, FireEye-owned incident response firm Mandiant said intrusions traced back to Pulse Secure flaws had been observed against defense, government, and financial organizations in the US, Europe, and elsewhere.

“Multiple, related techniques for bypassing single and multifactor authentication on Pulse Secure VPN devices persisting across upgrades, and maintaining access through webshells,” said Mandiant.

Critical bug trio

Both scoring a near-maximum CVSS of 9.9, the newly disclosed critical bugs include a command injection vulnerability (CVE-2021-22899) that allows authenticated users to perform RCE via Windows File Resource Profiles, and a buffer overflow bug in Pulse Connect Secure Collaboration Suite (CVE-2021-22894) that allows authenticated users to execute arbitrary code through a maliciously crafted meeting room.

The first critical vulnerability (CVE-2021-22893), an authentication bypass vulnerability, was caused by a client-side code sign verification failure, present since April 12 when “the validity of the code signing certificate expired”, whereby the certificate expiry time was checked instead of the code signing timestamp.

Ivanti has also disclosed and patched a high severity unrestricted file upload flaw (CVE-2021-22900).

Software update and workaround

All four CVEs have been addressed in Pulse Connect Secure version 9.1R.11.4.

The vulnerabilities affect environments running Pulse Connect Secure 9.0RX or 9.1RX, with CVE-2021-22893 affecting PCS 9.0R3/9.1R1 and higher.

Ivanti has released an exploit-detection tool, advised impacted customers to change all passwords, and offered a “workaround” file for users unable to update to the latest version.

The Pulse Secure team has coordinated its response with the help of the US Cybersecurity and Infrastructure Security Agency (CISA), Mandiant, and incident response firm Stroz Friedberg, among other parties.

Phil Richards of Ivanti, which only acquired Pulse Secure in December 2020, said: “As sophisticated threat actors continue their attacks on U.S. businesses and government agencies, we will continue to work with our customers, the broader security industry, law enforcement and government agencies to mitigate these threats.

“Companywide we are making significant investments to enhance our overall cyber security posture, including a broad implementation of secure application development standards.”

Ivanti declined to comment further in response to additional queries from The Daily Swig.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks.

CISA warned in April that threat actors had been exploiting four vulnerabilities - including one zero-day flaw tracked as CVE-2021-22893 - in Pulse Connect Secure VPN appliances offered by Pulse Secure, a company that was acquired last year by Ivanti.

The agency warned at the time that the attacks had targeted U.S. government agencies, critical infrastructure organizations, and private sector companies since at least June 2020.