MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
secure
Search

Hackers Are Exploiting a Pulse Secure 0-Day To Breach Orgs Around the World

Wednesday April 21, 2021. 12:40 AM , from Slashdot
An anonymous reader quotes a report from Ars Technica: Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said. At least one of the security flaws is a zero-day, meaning it was unknown to Pulse Secure developers and most of the research world when hackers began actively exploiting it, security firm Mandiant said in a blog post published Tuesday. Besides CVE-2021-22893, as the zero-day is tracked, multiple hacking groups -- at least one of which likely works on behalf of the Chinese government -- are also exploiting several Pulse Secure vulnerabilities fixed in 2019 and 2020.

Used alone or in concert, the security flaws allow the hackers to bypass both single-factor and multifactor authentication protecting the VPN devices. From there, the hackers can install malware that persists across software upgrades and maintain access through webshells, which are browser-based interfaces that allow hackers to remotely control infected devices. Multiple intrusions over the past six months have hit defense, government, and financial organizations around the world, Tuesday's post reported. Separately, the US Cybersecurity and Infrastructure Security Agency said that targets also include US government agencies, critical infrastructure entities, and other private sector organizations.' Mandiant said that it has uncovered 'limited evidence' that tied one of the hacker groups to the Chinese government. Dubbed UNC2630, this previously unknown team is one of at least two hacking groups known to be actively exploiting the vulnerabilities. Tuesday's blog post also referred to another previously unseen group that Mandiant is calling UNC2717. In March, the group used malware Mandiant identifies as RADIALPULSE, PULSEJUMP, and HARDPULSE against Pulse Secure systems at a European organization. Pulse Secure on Tuesday published an advisory instructing users how to mitigate the currently unpatched security bug.

Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/HA3LTGaQsUY/hackers-are-exploiting-a-pulse-secure-0-day-to-...
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Fri 29 - 10:57 CET