Search results for: CVE-2019-11510

red

Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)

Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, government, and financial organizations around the world, Mandiant/FireEye has warned on Tuesday. Phil Richards, the Chief Security Officer at Ivanti – the company that acquired Pulse Secure in late 2020 – said that the zero-day vulnerability “impacted a very limited number of customers,” and that the software updates plugging the flaw … More

world

Insights for navigating a drastically changing threat landscape

In a recent report, Trend Micro announced it detected 119,000 cyber threats per minute in 2020 as home workers and infrastructure came under new pressure from attacks. Attacks on homes surged The report also shows that home networks were a major draw last year for cybercriminals looking to pivot to corporate systems, or compromise and conscript IoT devices into botnets. Attacks on homes surged 210% to reach nearly 2.9 billion—amounting to 15.5% of all homes. … More

risk

The three stages of security risk reprioritization

What began as a two-week remote working environment, due to COVID-19 has now stretched past the nine-month mark for many. The impact of telework on organizations can be felt across departments, including IT and security, which drove the almost overnight digital transformation that swept across the globe. While organizations across various sectors were faced with the challenge of maximizing their telework posture, those in government services had the extra burden of supporting employees who needed … More

China

25 vulnerabilities exploited by Chinese state-sponsored hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and … More

Doctor

Biomedical orgs working on COVID-19 vaccines open to cyber attacks

In a recently released report by the UK National Cyber Security Centre (NCSC), whose findings have been backed by Canada’s Communications Security Establishment (CSE) and the US NSA and CISA (Cybersecurity and Infrastructure Security Agency), the agency has warned about active cyber attacks targeting biomedical organizations that are involved in the development of a COVID-19 vaccine. On Friday, BitSight researchers shared the results of a study that looked for detectable security issues at a number … More

Hand

Have you patched these top 10 routinely exploited vulnerabilities?

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals. “Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available,” the agency noted. … More

ransomware

How to thwart human-operated ransomware campaigns?

Most ransomware campaigns hitting healthcare organizations and critical services right now are just the final act of a months-long compromise. “Using an attack pattern typical of human-operated ransomware campaigns, attackers have compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks by deploying ransomware when they would see the most financial gain,” says the Microsoft Threat Protection Intelligence Team. Organizations who have yet to witness the final … More

RDP VPN

RDP and VPN use soars, increasing enterprise cyber risk

As COVID-19 slowly spread across the globe, consumer demand for commercial virtual private network (VPN) services has soared – both for security reasons and for bypassing geo-blocking of (streaming) content. Not unexpectedly, enterprise VPN use has also greatly increased, and so has the use of the Remote Desktop Protocol (RDP), a popular and common means for remotely managing a computer over a network connection. Increased enterprise RDP and VPN use Shodan creator John Matherly has … More

Travelex

Travelex extorted by ransomware gang, services still offline a week after the hit

On the last day of 2019, foreign exchange company Travelex was hit by cyber attackers wielding the Sodinokibi (aka REvil) ransomware. More than a week later, the company’s websites and online services are still offline despite the company’s remediation efforts. Current situation “Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful. To date, the company can confirm that whilst there has been some data encryption, there is no … More

SSL VPN

Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs

Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations. About the vulnerabilities Attackers have been scanning for and targeting two vulnerabilities: CVE-2019-11510, an arbitrary file reading vulnerability in Pulse Connect Secure CVE-2018-13379, a path traversal flaw in the FortiOS SSL VPN web portal. Both vulnerabilities can be exploited remotely by sending a … More