Jump to content

Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world


securitybreach
 Share

Recommended Posts

securitybreach

This is very bad. 

 

Quote

Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said.

 

At least one of the security flaws is a zero-day, meaning it was unknown to Pulse Secure developers and most of the research world when hackers began actively exploiting it, security firm Mandiant said in a blog post published Tuesday. Besides CVE-2021-22893, as the zero-day is tracked, multiple hacking groups—at least one of which likely works on behalf of the Chinese government—are also exploiting several Pulse Secure vulnerabilities fixed in 2019 and 2020.


https://arstechnica.com/gadgets/2021/04/hackers-are-exploiting-a-pulse-secure-0day-to-breach-orgs-around-the-world/

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...