Sources Contact Advanced Search Tutorials

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

April 18, 2020 12:45 am

DHS CISA: Companies Are Getting Hacked Even After Patching Pulse Secure VPNs

According to the DHS's Cybersecurity and Infrastructure Security Agency (CISA), companies that run Pulse Secure VPN servers are still at risk of getting hacked, despite patching vulnerable systems. ZDNet reports: Pulse Secure VPN servers are enterprise-grade VPN gateways that companies use to let workers connect to internal company networks from across the internet. Last year, a major vulnerability was disclosed in these products. The vulnerability, tracked as CVE-2019-11510, allowed hackers to run malicious code on vulnerable servers. [...] According to the [DHS CISA and Japan's Computer Emergency Response Team (JPCERT)], hackers have also been using access to the Pulse Secure VPN server to extract plaintext Active Directory (AD) credentials. Now, JPCERT and CISA say they're seeing attacks where hackers are leveraging these stolen credentials to access internal networks even after companies patched Pulse Secure VPN gateways. In an alert published yesterday, CISA said it was aware of "incidents where compromised Active Directory credentials were used months after the victim organization patched their VPN appliance." The U.S. agency has released a tool on GitHub for companies that run Pulse Secure VPNs. The tool can be used to sift through their Pulse Secure logs and spot signs of a potential compromise. The tool scans for IP addresses and user-agents known to be associated with groups that have exploited Pulse Secure VPN servers.

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot