7.5
CVSSv2

CVE-2019-11510

Published: 08/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 810
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Pulse Secure Pulse Connect Secure (PCS) 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pulsesecure pulse connect secure 8.2

pulsesecure pulse connect secure 8.3

pulsesecure pulse connect secure 9.0

Exploits

# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit) # Google Dork: inurl:/dana-na/ filetype:cgi # Date: 8/20/2019 # Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera # Vendor Homepage: pulsesecurenet # Version: 81R151, 82 before 82R121, 83 before 83R71, and 90 before 90R34 # Tested on: Linux # CVE : CVE-2 ...

Mailing Lists

This Metasploit module exploits Pulse Secure SSL VPN versions 81R151, 82, 83, and 90 which suffer from an arbitrary file disclosure vulnerability ...

Metasploit Modules

Pulse Secure VPN Arbitrary File Disclosure

This module exploits a pre-auth directory traversal in the Pulse Secure VPN server to dump an arbitrary file. Dumped files are stored in loot. If the "Automatic" action is set, plaintext and hashed credentials, as well as session IDs, will be dumped. Valid sessions can be hijacked by setting the "DSIG" browser cookie to a valid session ID. For the "Manual" action, please specify a file to dump via the "FILE" option. /etc/passwd will be dumped by default. If the "PRINT" option is set, file contents will be printed to the screen, with any unprintable characters replaced by a period. Please see related module exploit/linux/http/pulse_secure_cmd_exec for a post-auth exploit that can leverage the results from this module.

msf > use auxiliary/gather/pulse_secure_file_disclosure
msf auxiliary(pulse_secure_file_disclosure) > show actions
    ...actions...
msf auxiliary(pulse_secure_file_disclosure) > set ACTION < action-name >
msf auxiliary(pulse_secure_file_disclosure) > show options
    ...show and set options...
msf auxiliary(pulse_secure_file_disclosure) > run

Github Repositories

Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)

CVE-2019-11510 Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) You can use a single domain, either a list of domains You must include in front of the domain Usage : cat targetlisttxt | bash CVE-2019-11510sh / bash CVE-2019-11510sh -d vpntargetcom/ If you want to just verify the exploit and download /etc/passwd then use : cat targ

Pulse Secure SSL VPN pre-auth file reading

CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading Reference hackeronecom/reports/591295 githubcom/projectzeroindia/CVE-2019-11510/blob/master/CVE-2019-11510sh packetstormsecuritycom/files/154176/Pulse-Secure-SSL-VPN-81R151-82-83-90-Arbitrary-File-Disclosurehtml

Pulse Secure VPN CVE-2019-11510

Hi this is script to check IP address from shodan that vulnerable to Pulse Secure exploit CVE-2019-11510 Thanks to Rakesh Parchuri for helping in writing the script After you get the IP's from the output use metasploit module to further exploit wwwexploit-dbcom/exploits/47297

Pulse SSL VPN Arbitrary File Read burp extension

Pulse SSL VPN Arbitrary File Read Scanner Requirements: Burp Suite Professional, Jython 25 or later standalone: wwwjythonorg/downloadshtml Manual installation: 'Extender'-&gt;'Options' Click 'Select file' under 'Python environment' Choose jython-standalone-25jar 'Extender'-&gt;'Extensions' Click &

Automated script for Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API. You must have a Shodan account to use this script.

pulsexploit Automated script for Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API You must have a Shodan account to use this script Click here if you don't have Shodan account Installation Install dependencies # CentOS &amp; Fedora yum install git python3 -y # Ubuntu &amp; Debian apt install git python3 pyt

PoC for CVE-2019-11510 | Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure vulnerability

CVE-2019-11510 PoC Python script to exploit CVE-2019-11510 and read '/etc/passwd' file Pulse Secure 81R151/82/83/90 SSL VPN - Arbitrary File Disclosure vulnerability USAGE: python3 CVE-2019-11510py &lt;URL&gt;

CVE-2019-11510-PulseVPN In Pulse Secure Pulse Connect Secure (PCS) 82 before 82R121, 83 before 83R71, and 90 before 90R34, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability exploitsh = Exploring Vulnerability detect-pulsesh = Checks a list of IP's which are running Pulse Secure dr4x-wordlist

Pulse Secure SSL-VPN Exploit (CVE-2019-11510) Usage # python3 exploitpy -u &lt;url&gt; Ref: Hackerone exploitcode -1 CVE-2019-11510 Slide ExploitDB-metasploit

SSL VPN Rce

CVE-2019-11510-1 Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) python usage: python CVE-2019-11510py xxxx 参考链接: hackeronecom/reports/591295 githubcom/projectzeroindia/CVE-2019-11510

Automation of google dorks, to be able to do it like an authentic slav

googleporks NEW UPDATE!! CVE-2019-11510 Search and check vulnerabl sites of CVE-2019-11510 A project to automate google dorks, I've tried it with threads, but google does not like it, and responds with error 428 They're bad people Use googlesearch and terminal_text_color to be cuter pip install -r requirementstxt Usage examples: /googleporkspy -u renfecom -d d

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

pwn-pulsesh Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510) Script authored by braindead @BishopFox Based on research by Orange Tsai and Meh Chang Thanks also to Alyssa Herrera and 0xDezzy for additional insights Huge thanks to bl4ckh0l3z for fixing, cleaning and refactoring the code significantly! This script extracts private key

CVE-2019-11510-PulseVPN In Pulse Secure Pulse Connect Secure (PCS) 82 before 82R121, 83 before 83R71, and 90 before 90R34, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability exploitsh = Exploring Vulnerability detect-pulsesh = Checks a list of IP's which are running Pulse Secure dr4x-wordlist

DHBW Seminararbeit IT Sicherheit Paper for the IT Security lecture about the CVE-2019-11510 Table of contents: Introduction Description Threat classification What is path Traversal How can this vulnerability be exploited? Protective Goals Affected Prevention Detction Solution Conclusion Respository is based on the work of "Aaron Kollmann" See: giteaak31d

GBC_Security 본 저장소는 한동대학교 보안동아리 GHOST의 프로젝트인 GBC(GHOST Basic Course)에서 보안분야를 공부한 내용을 담고 있음 (20210117 - 210117) ccss17/security-tutorial을 기본 배경으로 학습함 Contents day1 CVE-2019-11510 조사 day2 assembly 프로그래밍 day3 배운 내용으로 자유주제 탐구(실패) day4 reversi

This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510.

check-your-pulse This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510 The Cybersecurity and Infrastructure Security Agency (CISA) has seen many organ izations breached despite patching their appliance because of Active Directory credentials (to include Domain Admin) harvested prior to

Attacking and defending web and VPN session hijacking in Pulse Secure Connect

Session hijacking in PulseSecure Server Depending on the configuration, all versions are affected including latest release 90R34 See the vendor's response for the gory configuration details Disclaimer Please note that on a fully patched Pulse server this vulnerability is not exploitable by itself and is only useful under very specific circumstances For this exploit to

Resources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incoming.

所有收集类项目: 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式 逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/ 网络相关的

寻找公开漏洞进行复盘学习。

Vulnerability-Review vuln/tricks reports from: wooyun hackerone bugreader Reflected XSS 01 Reflected XSS on wwwhackeronecom and resourceshackeronecom 02 XSS in select attribute options 03 Prevent XSS when passing a parameter directly into link_to 04 Reflected XSS on appstopcodercom/wiki/page/ 05 Reflected XSS on appstopcodercom/wiki/ 06 Refl

所有收集类项目: 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式 逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/ 网络相关的

Vulnerability-Review vuln/tricks reports from: wooyun hackerone bugreader Reflected XSS 01 Reflected XSS on wwwhackeronecom and resourceshackeronecom 02 XSS in select attribute options 03 Prevent XSS when passing a parameter directly into link_to 04 Reflected XSS on appstopcodercom/wiki/page/ 05 Reflected XSS on appstopcoder

Dorks for Google, Shodan and BinaryEdge

Dorks are cool Dorks for Google, Shodan and BinaryEdge Only for use on bug bounty programs or in cordination with a legal security assesment I am in no way responsible for the usage of these search queries Be responsible thanks - wwwbugcrowdcom/resource/what-is-responsible-disclosure/ This repository is "under construction" feel free to make pull requests

旧洞新知。

Vulnerability-Review vuln/tricks reports from: wooyun hackerone bugreader Reflected XSS 01 Reflected XSS on wwwhackeronecom and resourceshackeronecom 02 XSS in select attribute options 03 Prevent XSS when passing a parameter directly into link_to 04 Reflected XSS on appstopcodercom/wiki/page/ 05 Reflected XSS on appstopcodercom/wiki/ 06 Refl

Pulse-Secure-SSL-VPN-CVE-2019 漏洞编号: CVE-2019-11510——任意文件读取(无需授权) CVE-2019-11542——堆栈缓冲区溢出(管理员权限) CVE-2019-11539——命令注入(管理员权限) CVE-2019-11538——通过NFS读取任意文件(用户权限) CVE-2019-11508——通过NFS写入任意文件(用

Detections by Author Author Count DNIF 138 community 127 Total 265 Detections by Directory Directory Count /Advanced Threat Detection/Windows Process Monitoring 119 /Advanced Threat Detection/Proxy Monitoring 29 /Advanced Threat Detection/Webserver Exploits 9 /Cloud Security/Amazon Web Services 13 /Advanced Threat Detection/DNS Monitoring 4 /Cloud

渗透测试用PoC、工具集合

Penetration_Testing_POC_With_Python IOT Device Web APP Mobile APP PC tools 说明 Penetration_Testing_POC_With_Python 搜集有关渗透测试中用python编写的POC、脚本 请使用搜索查找 IOT Device 天翼创维awifi路由器存在多处未授权访问漏洞 华为WS331a产品管理页面存在CSRF漏洞 CVE-2019-16313 蜂网互联企业级路由器v431密码泄

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

CVEs enumerated by FireEye and that should be addressed to limit the effectiveness of leaked the Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

PenetrationTesting English Version Github的Readme显示不会超过4000行,而此Repo添加的工具和文章近万行,默认显示不全。当前页面是减配版:工具星数少于200且500天内没更新的不在此文档中显示。 点击这里查看完整版:中文-完整版 目录 工具 新添加的 (854) 新添加的 未分类 人工智能&amp;&a

PenetrationTesting English Version Github的Readme显示不会超过4000行,而此Repo添加的工具和文章近万行,默认显示不全。当前页面是减配版:工具星数少于200且500天内没更新的不在此文档中显示。 点击这里查看完整版:中文-完整版 目录 工具 新添加的 (854) 新添加的 未分类 人工智能&amp;&a

红方人员作战执行手册

红方人员实战手册 声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好 分享初衷 一来, 旨在为 "攻击" / "防御"方 提供更加全面实用的参考 还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

pocassist database 介绍 本项目为 pocassist 的 sqlite 数据库文件。 poc 更新日志 2021-6-16 漏洞类型 漏洞编号 漏洞名称 SQL 注入 poc-10001 zzcms sql注入 SQL 注入 poc-10007 phpshe 17 sql注入 SQL 注入 poc-10012 Metinfo 任意文件读取漏洞 SQL 注入 poc-10013 FineCMS 5010 任意sql执行 SQL 注入 poc-10015 Joomla Compone

红方人员实战手册 声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好 分享初衷 一来, 旨在为 "攻击" / "防御"方 提供更加全面实用的参考 还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

红方人员作战执行手册

红方人员实战手册 声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好 分享初衷 一来, 旨在为 "攻击" / "防御"方 提供更加全面实用的参考 还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests and grow the list Template Directory ├── LICENSE ├── READMEmd ├── basic-dete

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

公开收集所用

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Customized templates originally pulled from `projectdiscovery/nuclei-templates`

Nuclei Templates Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests or Github issue and grow the list Resources Templates Documentation Contr

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Kenzer Templates [1289] TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841yaml CVE-2018-16763 jaeles jaeles\

2019年天融信阿尔法实验室在微信公众号发布的所有安全资讯汇总

欢迎关注天融信阿尔法实验室微信公众号 20191231 [技术] 使用IDA从零开始学逆向, Part27 mediumcom/p/5fa5c173547c 36C3 CTF Writeups bananamafiadev/post/36c3ctf/ 再探同形文字攻击 alephsecuritycom/2019/12/29/revised-homograph-attacks/ 对1个Dell SonicWALL虚拟办公室的登录界面进行Password Spraying攻击

TEMPLATE TOOL FILE favinizer favinizer favinizeryaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841yaml CVE-2018-16763 jaeles jaeles\cvescan\critical\CVE-2018-1

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

Recent Articles

Threat Landscape Trends – Q3 2020
Symantec Threat Intelligence Blog • Threat Hunter Team • 18 Dec 2021

A look at the cyber security trends from the third quarter of 2020.

Posted: 18 Dec, 20203 Min ReadThreat Intelligence SubscribeThreat Landscape Trends – Q3 2020A look at the cyber security trends from the third quarter of 2020.We took a look through telemetry from our vast range of data sources and selected some of the trends that stood out from July, August, and September 2020

From significant increases in Emotet and Cobalt Strike activity to a spike in the number of server vulnerability exploit at...

Patch now? Why enterprise exploits are still partying like it's 1999
The Register • Davey Winder • 08 Sep 2021

Get our weekly newsletter Am I only dreaming, or is this burning an Eternal Blue?

Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example.
Others, however, have not only been long since reported and had patches released, but continue to pose a threat to enterprises. A joint advisory from the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), published in late July, liste...

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
Threatpost • Tara Seals • 04 May 2021

Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe.
Pulse Secure also patched three other security bugs, two of them also critical RCE vulnerabilities.
The zero-day flaw, tracked as CVE-2021-22893, was first disclosed on April 20 and carries the highest possible CVSS sever...

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way
The Register • Thomas Claburn in San Francisco • 20 Apr 2021

Crucial flaw won't be fixed until next month Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws

Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month.
On Tuesday, IT software supplier Ivanti, the parent of Pulse Secure, issued a wake-up call to its customers by revealing it looks as though select clients were compromised via their encrypted gateways.
"There is ...

NSA: 5 Security Bugs Under Active Nation-State Cyberattack
Threatpost • Tara Seals • 16 Apr 2021

The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies.
According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. Cozy Bear or The Dukes) is conducting “widespread scanning and exploitation against vulnerable syst...

NSA: Top 5 vulnerabilities actively abused by Russian govt hackers
BleepingComputer • Lawrence Abrams • 15 Apr 2021

A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests.
In an advisory issued today, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials to ...

Coming in at number 5, it's a blast from the past! Tenable's 2020 security flaw chart show features hits of yesteryear
The Register • Gareth Corfield • 14 Jan 2021

You know that update thing? JFDI

Out of the top five vulnerabilities for 2020 three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report.
While Zerologon was the company's number one insecurity for 2020, the hoary old Pulse Secure VPN vuln (CVE-2019-11510) was number three, while flaws in Citrix and Fortinet connectivity platforms dating from 2019 and 2018 respectively were also up there.
"As long as unpatched vulnerabilities remain a problem for organizations, you can expect us to...

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
Threatpost • Tara Seals • 21 Oct 2020

Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups.
That’s according to the National Security Agency (NSA), which released a “top 25” list of the exploits that are used the most by China-linked advanced persistent threats (APT), which include the likes of Cactus Pete, TA413, Vicious Panda and Winniti.
The Feds...

Attackers chain Windows, VPN flaws to target US government agencies
welivesecurity • 13 Oct 2020

Threat actors have been chaining vulnerabilities in Windows and Virtual Private Network (VPN) services to target various government agencies, critical infrastructure and election organizations, according to a warning by the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). The technique, which involves exploiting several flaws over the course of a single attack to infiltrate an organization’s network, is part of the gangs’ ram...

Election Systems Under Attack via Microsoft Zerologon Exploits
Threatpost • Lindsey O'Donnell • 13 Oct 2020

U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems.
Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively exploiting the flaw (CVE-2020-1472), the Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory warning of further attacks.

Big US election coming up, security is vital and, oh look... a federal agency just got completely pwned for real
The Register • Shaun Nichols in San Francisco • 25 Sep 2020

Hacker had set up shop on network using stolen Office 365 accounts Feeling bad about your last security audit? Check out what just happened to the US Department of Interior

An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information.
This is according to Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA), which on Thursday went into technical detail on how an intruder: broke into staffers' Office 365 accounts; gained access the agency's internal network via its VPN; and installed malware and exfiltrated data.
"CISA became aware – via EINSTEIN, CISA's intrusion detection syste...

Feds Hit with Successful Cyberattack, Data Stolen
Threatpost • Tara Seals • 24 Sep 2020

A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday, not naming the agency but providing technical details of the attack. Hackers, it said, gained initial access by using employees’ legitimate Microsoft Office 365 log-in credentials to sign onto an agency computer remotely.
“The cyber-threat a...

Where China leads, Iran follows: US warns of 'contract' hackers exploiting Citrix, Pulse Secure and F5 VPNs
The Register • Gareth Corfield • 16 Sep 2020

Please just patch your infrastructure, begs US-CISA What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds

Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
The warning mirrors one issued earlier this week for exactly the same vendors, except with China as the malevolent party instead of Iran.
“CISA and FBI are aware of a widespread campaign from an Iran-based malicious cybe...

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Threatpost • Lindsey O'Donnell • 14 Sep 2020

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.
Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the...

What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds
The Register • Shaun Nichols in San Francisco • 14 Sep 2020

Beijing's snoops don't even need zero-days to break into valuable networks

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.
Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted.
In a joint statement, the FBI and Homeland Security's Cybersecu...

Pioneer Kitten APT Sells Corporate Network Access
Threatpost • Elizabeth Montalbano • 01 Sep 2020

An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. The credentials would let other cybercriminal groups and APTs perform cyberespionage and other nefarious cyber-activity.
Pioneer Kitten is a hacker group that specializes in infiltrating corporate networks using open-source tools to compromise remote external services. Researchers observed an actor associated with the group advertising access to compromised network...

Iranian hackers are selling access to corporate networks
BleepingComputer • Sergiu Gatlan • 01 Sep 2020

An Iranian-backed hacker group has been observed while seeking to sell access to compromised corporate networks to other threat actors on underground forums and attempting to exploit F5 BIG-IP devices vulnerable to CVE-2020-5902 exploits.
The Iranian hackers have been active since at least 2017 and are being tracked as Pioneer Kitten by cyber-security firm Crowdstrike, as Fox Kitten [
,
] by threat intelligence firm ClearSky, and as
[
,
] by ICS security f...

FBI: Iranian hackers trying to exploit critical F5 BIG-IP flaw
BleepingComputer • Sergiu Gatlan • 08 Aug 2020

The FBI warns of Iranian hackers actively attempting to exploit an unauthenticated remote code execution flaw affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks.
F5 Networks (F5)
to fix the critical 10/10 CVSSv3 rating
tracked as CVE-2020-5902 on July 3, 2020.
The U.S. domestic intelligence and security service says in a Private Industry Notification (PIN) issued earlier this week that the Iran-s...

FBI warns of Netwalker ransomware targeting US government and orgs
BleepingComputer • Sergiu Gatlan • 29 Jul 2020

The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices.
FBI's flash alert also provides indicators of compromise associated with the Netwalker ransomware (also known as Mailto) and includes a list of recommended mitigation measures.
According to the FBI, the operators behind this ransomware strain began targe...

Hackers Look to Steal COVID-19 Vaccine Research
Threatpost • Tara Seals • 16 Jul 2020

Threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the U.S.
That’s according to a joint alert from the U.S. Department of Homeland Security (DHS), the U.K.’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE),  issued Thursday.
The 14-page advisory details the recent activity of Russi...

NSA releases guidance on securing IPsec Virtual Private Networks
BleepingComputer • Sergiu Gatlan • 02 Jul 2020

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.
Besides providing organizations with recommendations on how to secure IPsec tunnels, NSA's VPN guidance also highlights the importance of using strong cryptography to protect sensitive info contained within traffic while traversing untrusted networks when connecting to remote servers.
Following these recommendations...

US govt: Hacker used stolen AD credentials to ransom hospitals
BleepingComputer • Sergiu Gatlan • 18 Apr 2020

Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using stolen Active Directory credentials months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.
Even though the vulnerability tracked as CVE-2019-11510 was patched by Pulse Secure
, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations in January 2020 to
against ongoing attacks, after another aler...

DHS Urges Pulse Secure VPN Users To Update Passwords
Threatpost • Lindsey O'Donnell • 17 Apr 2020

The Department of Homeland Security (DHS) is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN.
DHS warns that the Pulse Secure VPN patches may have come too late. Government officials say before the patches were deployed, bad actors were able to compromise Active Directory accounts. So even those who have patched for the bug could still be c...

Chinese Hackers Use Cisco, Citrix, Zoho Exploits In Targeted Attacks
BleepingComputer • Sergiu Gatlan • 25 Mar 2020

The Chinese state-sponsored group APT41 has been at the helm of a range of attacks that used recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe.
It is not known if the campaign that started in January 2020 was designed to take advantage of companies having to focus on setting up everything needed by their remote workers while in COVID-19 lockdown or quarantine but, as FireEye resea...

UK Fintech Firm Finastra Hit By Ransomware, Shuts Down Servers
BleepingComputer • Sergiu Gatlan • 20 Mar 2020

Finastra, a leading financial technology provider from the UK, announced that it had to take several servers offline following a ransomware attack detected earlier today.
The fintech company
financial software and services to more than 9,000 customers of all sizes from 130 countries across the globe, including 90 of the top 100 banks globally.
Finastra also has over 10,000 employees working from 42 offices, including London, New York, and Toronto, and a $1.9 billion in rev...

US Govt Shares Tips on Securing VPNs Used by Remote Workers
BleepingComputer • Sergiu Gatlan • 13 Mar 2020

The Department of Homeland Security's cybersecurity agency today shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations have made working from home the default for their employees in response to the Coronavirus disease (COVID-19) pandemic.
"As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity," an alert publ...

FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
BleepingComputer • Sergiu Gatlan • 17 Jan 2020

FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers.
The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to
against ongoing attacks trying to exploit the flaw tracked as 
.
This bug enables unauthenticated remote attackers to send a specially cr...

US Govt Warns of Attacks on Unpatched Pulse VPN Servers
BleepingComputer • Sergiu Gatlan • 10 Jan 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.
This warning follows another alert issued by CISA in
, and others coming from the 
(NSA), 
, and UK's
(NCSC).
Pulse Secure reported the vulnerability tracked as CVE-2019-11510 and disclosed by Orange Tsai and Meh Chang ...

That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time
The Register • Shaun Nichols in San Francisco • 07 Jan 2020

Plug this security bypass... if you can even find the boxes running it

Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties.
British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.
The vulnerability in question, CVE-2019-11510, was among the bugs patched back in April by an out-of-band update. The flaw is p...

Sodinokibi Ransomware Behind Travelex Fiasco: Report
Threatpost • Tara Seals • 07 Jan 2020

The Sodinokibi ransomware strain is apparently behind the New Year’s Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services.
The criminals behind the attack are demanding a six-figure sum in return for the decryption key, according to reports, and are directing the company to a payment website hosted in Colorado.
“It is just business. We absolutely do not care about you or your details, except gettin...

That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time
The Register • Shaun Nichols in San Francisco • 07 Jan 2020

Plug this security bypass... if you can even find the boxes running it Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties.
British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.
The vulnerability in question, CVE-2019-11510, was among the bugs patched back in April by an out-of-band update. The flaw is p...

Sodinokibi Ransomware Hits Travelex, Demands $3 Million
BleepingComputer • Ionut Ilascu • 06 Jan 2020

It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware.
The attack occurred on December 31 and affected some Travelex services. This prompted the company to take offline all its computer systems, a precaution meant "to protect data and prevent the spread of the virus."
As a result, customers could ...

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
Threatpost • Elizabeth Montalbano • 08 Oct 2019

State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.
The National Security Agency (NSA) issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–C...

The Register

Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
The warning mirrors one issued earlier this week for exactly the same vendors, except with China as the malevolent party instead of Iran.
“CISA and FBI are aware of a widespread campaign from an Iran-based malicious cybe...

The Register

Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month.
On Tuesday, IT software supplier Ivanti, the parent of Pulse Secure, issued a wake-up call to its customers by revealing it looks as though select clients were compromised via their encrypted gateways.
"There is ...

The Register

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.
Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted.
In a joint statement, the FBI and Homeland Security's Cybersecu...

Ransomware's big jump: ransoms grew 14 times in one year
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year.
There are well over a dozen operators in the ransomware-as-a-service (RaaS) game, each with a host of affiliates that focus on enterprise targets across the world.
Since the infamous GandCrab group
in mid-2019, the ransomware landscape changed drastically. The RaaS mod...

Nation-state hackers are targeting COVID-19 response orgs
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups according to a joint advisory issued today by cyber-security agencies from the US and the UK.
Healthcare bodies, medical research organizations, pharmaceutical companies, academia, and local governments are some examples of organizations currently being targeted by state-backed hacking groups.
"APT actors frequently target organizati...

Black Kingdom ransomware hacks networks with Pulse VPN flaws
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found.
The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.
They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN that was patched in April 2019. Companies delayed updating their software even after ...

The Register

An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information.
This is according to Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA), which on Thursday went into technical detail on how an intruder: broke into staffers' Office 365 accounts; gained access the agency's internal network via its VPN; and installed malware and exfiltrated data.
"CISA became aware – via EINSTEIN, CISA's intrusion detection syste...

The Register

Out of the top five vulnerabilities for 2020 three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report.
While Zerologon was the company's number one insecurity for 2020, the hoary old Pulse Secure VPN vuln (CVE-2019-11510) was number three, while flaws in Citrix and Fortinet connectivity platforms dating from 2019 and 2018 respectively were also up there.
"As long as unpatched vulnerabilities remain a problem for organizations, you can expect us to...