25 matches found
Pulse Secure VPN Arbitrary File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary File Disclosure', 'Description' = %q This module exploits a pre-auth directory traversal in the Pulse Secure VPN serve...
Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices
Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures TTPs adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's...
Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 CVSS score 10, the flaw concerns "multiple us...
SUPERNOVA malware discovered on SolarWinds Orion server
The Cybersecurity and Infrastructure Security Agency CISA has reported finding the SUPERNOVA web shell collecting credentials on a SolarWinds Orion server. These observations were made during an incident response to an Advanced Persistent Threat APT actor’s year-long compromise of an enterprise...
WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations
If Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability CVE-2021-22893 that is currently being exploited in the wild and for which there is no patch available yet. At least two threat...
Pulse Secure VPN Arbitrary Command Execution Exploit
Pulse Secure Pulse Connect Secure versions 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure versions 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1 have an...
Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework. See the ATT &CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security...
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups. That’s according to the National Security Agency NSA, which released a “top 25”...
CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
The US Cybersecurity and Infrastructure Security Agency CISA issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese Ministry of State Security-affiliated cyber threat...
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available...
Sensitive data of 900 Pulse Secure VPN servers leaked on hacker forum
By Sudais Asif The team behind Pulse Secure VPN had a year to fix the flaw but it did not get a fix. This is a post from HackRead.com Read the original post: Sensitive data of 900 Pulse Secure VPN servers leaked on hacker forum...
DHS Urges Pulse Secure VPN Users To Update Passwords
The Department of Homeland Security DHS is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN. DHS warns that the Pulse Secure VPN patches may have...
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
The United States Cybersecurity and Infrastructure Security Agency CISA yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution RCE vulnerability in Pulse Secure VP...
CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
The United States Cybersecurity and Infrastructure Security Agency CISA yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution RCE vulnerability in Pulse Secure VP...
Continued Exploitation of Pulse Secure VPN Vulnerability
Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack. 1 Although Pulse Secur...
Sodinokibi Ransomware Behind Travelex Fiasco: Report
The Sodinokibi ransomware strain is apparently behind the New Year’s Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services. The criminals behind the attack are demanding a six-figure sum in return for the decryption...
remote.walink.org Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1030029 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
remotelink.nortonhealthcare.org Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1030028 Security Researcher 0xSkywalker Helped patch 3 vulnerabilities Received 0 Coordinated Disclosure badges , found a security vulnerability affecting remotelink.nortonhealthcare.org website and its users. Following coordinated and responsible vulnerability disclosure...
Pulse Secure VPN Arbitrary Command Execution Exploit
This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env1 command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulsesecurefiledisclosure for a pre-auth fil...
Pulse Secure VPN Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary Command Execution', 'Description' = %q This module exploits a post-auth command injection in the Pulse Secure VPN serv...