69 matches found
Pulse Secure VPN Arbitrary Command Execution Exploit
Pulse Secure Pulse Connect Secure versions 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure versions 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1 have an...
Blue Cedar partners with Microsoft to combat BYOD issues
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Bring Your Own Device BYOD has been a divisive topic within corporations for years. Employees wanted the convenience of working on their own smart devices, and business decision-make...
Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework. See the ATT &CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security...
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups. That’s according to the National Security Agency NSA, which released a “top 25”...
CVE-2020-8245
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP...
CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
The US Cybersecurity and Infrastructure Security Agency CISA issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese Ministry of State Security-affiliated cyber threat...
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available...
Sensitive data of 900 Pulse Secure VPN servers leaked on hacker forum
By Sudais Asif The team behind Pulse Secure VPN had a year to fix the flaw but it did not get a fix. This is a post from HackRead.com Read the original post: Sensitive data of 900 Pulse Secure VPN servers leaked on hacker forum...
PT-2020-6826 · Citrix · Citrix Adc +1
Name of the Vulnerable Software and Affected Versions: Citrix ADC and Citrix Gateway versions 13.0-58.30 and later releases before the CTX276688 update Description: The issue is related to insufficient protection of service data in the implementation of SSL VPN controller delivery in Citrix ADC a...
DHS Urges Pulse Secure VPN Users To Update Passwords
The Department of Homeland Security DHS is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN. DHS warns that the Pulse Secure VPN patches may have...
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
The United States Cybersecurity and Infrastructure Security Agency CISA yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution RCE vulnerability in Pulse Secure VP...
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
The United States Cybersecurity and Infrastructure Security Agency CISA yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution RCE vulnerability in Pulse Secure VP...
Continued Exploitation of Pulse Secure VPN Vulnerability
Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack. 1 Although Pulse Secur...
Sodinokibi Ransomware Behind Travelex Fiasco: Report
The Sodinokibi ransomware strain is apparently behind the New Year’s Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services. The criminals behind the attack are demanding a six-figure sum in return for the decryption...
remote.walink.org Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1030029 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
remotelink.nortonhealthcare.org Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1030028 Security Researcher 0xSkywalker Helped patch 3 vulnerabilities Received 0 Coordinated Disclosure badges , found a security vulnerability affecting remotelink.nortonhealthcare.org website and its users. Following coordinated and responsible vulnerability disclosure...
Pulse Secure VPN Arbitrary Command Execution Exploit
This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env1 command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulsesecurefiledisclosure for a pre-auth fil...
Pulse Secure VPN Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary Command Execution', 'Description' = %q This module exploits a post-auth command injection in the Pulse Secure VPN serv...
Pulse Secure VPN Arbitrary Command Execution
This module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env1 command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulsesecurefiledisclosure for a pre-auth file read that...
Multiple Vulnerabilities in Pulse Secure VPN
The CERT Coordination Center CERT/CC has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network VPN. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been targeted by advanced persistent thre...