An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
Some of Our Sources
- Slashdot
- Mashable
- Smashing Apps
- Vandelay Design
- My Ink Blog
- Fudge Graphics
- Design Modo
- Android Dissected
- Android Headlines
- Willems Lab
Help Webnuz
Referal links:
August 5, 2020 10:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/eKZcZ6ZJC4M/hacker-leaks-passwords-for-900-enterprise-vpn-servers
Hacker Leaks Passwords For 900 Enterprise VPN Servers
A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet reports: According to a review, the list includes: IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware version, SSH keys for each server, a list of all local users and their password hashes, admin account details, last VPN logins (including usernames and cleartext passwords), and VPN session cookies. Bank Security, a threat intelligence analyst specialized in financial crime [...] noted that all the Pulse Secure VPN servers included in the list were running a firmware version vulnerable to the CVE-2019-11510 vulnerability. Bank Security believes that the hacker who compiled this list scanned the entire internet IPv4 address space for Pulse Secure VPN servers, used an exploit for the CVE-2019-11510 vulnerability to gain access to systems, dump server details (including usernames and passwords), and then collected all the information in one central repository. Making matters worse, the list has been shared on a hacker forum that is frequented by multiple ransomware gangs. For example, the REvil (Sodinokibi), NetWalker, Lockbit, Avaddonm, Makop, and Exorcist ransomware gangs have threads on the same forum, and use it to recruit members (developers) and affiliates (customers). Many of these gangs perform intrusions into corporate networks by leveraging network edge devices like Pulse Secure VPN servers, and then deploy their ransomware payload and demand huge ransom demands. As Bank Security told ZDNet, companies have to patch their Pulse Secure VPNs and change passwords with the utmost urgency.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/eKZcZ6ZJC4M/hacker-leaks-passwords-for-900-enterprise-vpn-servers
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot