7.5
CVSSv2

CVE-2019-11510

Published: 08/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 804
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Pulse Secure Pulse Connect Secure (PCS) 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .

Vulnerability Trend

Exploits

# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit) # Google Dork: inurl:/dana-na/ filetype:cgi # Date: 8/20/2019 # Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera # Vendor Homepage: pulsesecurenet # Version: 81R151, 82 before 82R121, 83 before 83R71, and 90 before 90R34 # Tested on: Linux # CVE : CVE-2 ...

Mailing Lists

This Metasploit module exploits Pulse Secure SSL VPN versions 81R151, 82, 83, and 90 which suffer from an arbitrary file disclosure vulnerability ...

Metasploit Modules

Pulse Secure VPN Arbitrary File Disclosure

This module exploits a pre-auth directory traversal in the Pulse Secure VPN server to dump an arbitrary file. Dumped files are stored in loot. If the "Automatic" action is set, plaintext and hashed credentials, as well as session IDs, will be dumped. Valid sessions can be hijacked by setting the "DSIG" browser cookie to a valid session ID. For the "Manual" action, please specify a file to dump via the "FILE" option. /etc/passwd will be dumped by default. If the "PRINT" option is set, file contents will be printed to the screen, with any unprintable characters replaced by a period. Please see related module exploit/linux/http/pulse_secure_cmd_exec for a post-auth exploit that can leverage the results from this module.

msf > use auxiliary/gather/pulse_secure_file_disclosure
msf auxiliary(pulse_secure_file_disclosure) > show actions
    ...actions...
msf auxiliary(pulse_secure_file_disclosure) > set ACTION < action-name >
msf auxiliary(pulse_secure_file_disclosure) > show options
    ...show and set options...
msf auxiliary(pulse_secure_file_disclosure) > run

Github Repositories

Pulse Secure SSL VPN pre-auth file reading

CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading Reference hackeronecom/reports/591295 githubcom/projectzeroindia/CVE-2019-11510/blob/master/CVE-2019-11510sh packetstormsecuritycom/files/154176/Pulse-Secure-SSL-VPN-81R151-82-83-90-Arbitrary-File-Disclosurehtml

Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)

CVE-2019-11510 Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) You can use a single domain, either a list of domains You must include in front of the domain Usage : cat targetlisttxt | bash CVE-2019-11510sh / bash CVE-2019-11510sh -d vpntargetcom/ If you want to just verify the exploit and download /etc/passwd then use : cat targ

Automated script for Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API. You must have a Shodan account to use this script.

pulsexploit Automated script for Pulse Secure SSL VPN exploit (CVE-2019-11510) using hosts retrieved from Shodan API You must have a Shodan account to use this script Click here if you don't have Shodan account Installation Install dependencies # CentOS &amp; Fedora yum install git python3 -y # Ubuntu &amp; Debian apt install git python3 pyt

Pulse SSL VPN Arbitrary File Read burp extension

Pulse SSL VPN Arbitrary File Read Scanner Requirements: Burp Suite Professional, Jython 25 or later standalone: wwwjythonorg/downloadshtml Manual installation: 'Extender'-&gt;'Options' Click 'Select file' under 'Python environment' Choose jython-standalone-25jar 'Extender'-&gt;'Extensions' Click &

Pulse Secure VPN CVE-2019-11510

Hi this is script to check IP address from shodan that vulnerable to Pulse Secure exploit CVE-2019-11510 Thanks to Rakesh Parchuri for helping in writing the script After you get the IP's from the output use metasploit module to further exploit wwwexploit-dbcom/exploits/47297

Pulse Secure SSL-VPN Exploit (CVE-2019-11510) Usage # python3 exploitpy -u &lt;url&gt; Ref: Hackerone exploitcode -1 CVE-2019-11510 Slide ExploitDB-metasploit

PoC for CVE-2019-11510 | Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure vulnerability

CVE-2019-11510 PoC Python script to exploit CVE-2019-11510 and read '/etc/passwd' file Pulse Secure 81R151/82/83/90 SSL VPN - Arbitrary File Disclosure vulnerability USAGE: python3 CVE-2019-11510py &lt;URL&gt;

SSL VPN Rce

CVE-2019-11510-1 Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) python usage: python CVE-2019-11510py xxxx 参考链接: hackeronecom/reports/591295 githubcom/projectzeroindia/CVE-2019-11510

Automation of google dorks, to be able to do it like an authentic slav

googleporks NEW UPDATE!! CVE-2019-11510 Search and check vulnerabl sites of CVE-2019-11510 A project to automate google dorks, I've tried it with threads, but google does not like it, and responds with error 428 They're bad people Use googlesearch and terminal_text_color to be cuter pip install -r requirementstxt Usage examples: /googleporkspy -u renfecom -d d

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

pwn-pulsesh Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510) Script authored by braindead @BishopFox Based on research by Orange Tsai and Meh Chang Thanks also to Alyssa Herrera and 0xDezzy for additional insights Huge thanks to bl4ckh0l3z for fixing, cleaning and refactoring the code significantly! This script extracts private key

CVE-2019-11510-PulseVPN In Pulse Secure Pulse Connect Secure (PCS) 82 before 82R121, 83 before 83R71, and 90 before 90R34, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability exploitsh = Exploring Vulnerability detect-pulsesh = Checks a list of IP's which are running Pulse Secure dr4x-wordlist

This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510.

check-your-pulse This utility can help determine if indicators of compromise (IOCs) exist in the log files of a Pulse Secure VPN Appliance for CVE-2019-11510 The Cybersecurity and Infrastructure Security Agency (CISA) has seen many organ izations breached despite patching their appliance because of Active Directory credentials (to include Domain Admin) harvested prior to

Attacking and defending web and VPN session hijacking in Pulse Secure Connect

Session hijacking in PulseSecure Server Depending on the configuration, all versions are affected including latest release 90R34 See the vendor's response for the gory configuration details Disclaimer Please note that on a fully patched Pulse server this vulnerability is not exploitable by itself and is only useful under very specific circumstances For this exploit to

Resources about network security, including: Proxy/GFW/ReverseProxy/Tunnel/VPN/Tor/I2P, and MiTM/PortKnocking/NetworkSniff/NetworkAnalysis/etc。More than 1700 open source tools for now. Post incoming.

所有收集类项目: 收集的所有开源工具: 超过18K, 包括Markdown和Json两种格式 逆向资源: IDA/Ghidra/x64dbg/OllDbg/WinDBG/CuckooSandbox/Radare2/BinaryNinja/DynamoRIO/IntelPin/Frida/QEMU/Android安全/iOS安全/Window安全/Linux安全/macOS安全/游戏Hacking/Bootkit/Rootkit/Angr/Shellcode/进程注入/代码注入/DLL注入/WSL/Sysmon/ 网络相关的

Dorks for Google, Shodan and BinaryEdge

Dorks are cool Dorks for Google, Shodan and BinaryEdge Only for use on bug bounty programs or in cordination with a legal security assesment I am in no way responsible for the usage of these search queries Be responsible thanks - wwwbugcrowdcom/resource/what-is-responsible-disclosure/ This repository is "under construction" feel free to make pull requests

Pulse-Secure-SSL-VPN-CVE-2019 漏洞编号: CVE-2019-11510——任意文件读取(无需授权) CVE-2019-11542——堆栈缓冲区溢出(管理员权限) CVE-2019-11539——命令注入(管理员权限) CVE-2019-11538——通过NFS读取任意文件(用户权限) CVE-2019-11508——通过NFS写入任意文件(用

渗透测试用PoC、工具集合

Penetration_Testing_POC_With_Python IOT Device Web APP Mobile APP PC tools 说明 Penetration_Testing_POC_With_Python 搜集有关渗透测试中用python编写的POC、脚本 请使用搜索查找 IOT Device 天翼创维awifi路由器存在多处未授权访问漏洞 华为WS331a产品管理页面存在CSRF漏洞 CVE-2019-16313 蜂网互联企业级路由器v431密码泄

PenetrationTesting English Version Github的Readme显示不会超过4000行,而此Repo添加的工具和文章近万行,默认显示不全。当前页面是减配版:工具星数少于200且500天内没更新的不在此文档中显示。 点击这里查看完整版:中文-完整版 目录 工具 新添加的 (854) 新添加的 未分类 人工智能&amp;&a

PenetrationTesting English Version Github的Readme显示不会超过4000行,而此Repo添加的工具和文章近万行,默认显示不全。当前页面是减配版:工具星数少于200且500天内没更新的不在此文档中显示。 点击这里查看完整版:中文-完整版 目录 工具 新添加的 (854) 新添加的 未分类 人工智能&amp;&a

红方人员作战执行手册

红方人员实战手册 声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好 分享初衷 一来, 旨在为 "攻击" / "防御"方 提供更加全面实用的参考 还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

Templates are the core of nuclei scanner which power the actual scanning engine This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community We hope that you also contribute by sending templates via pull requests and grow the list Template Directory ├── LICENSE ├── READMEmd ├── basic-dete

红方人员作战执行手册

红方人员实战手册 声明 Author : By klion Date : 2020215 寄语 : 愿 2020 后面的每一天都能一切安好 分享初衷 一来, 旨在为 "攻击" / "防御"方 提供更加全面实用的参考 还是那句老闲话 "未知攻焉知防", 所有单纯去说 "攻" 或者 "防" 的都是耍流氓, 攻守兼备

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

公开收集所用

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&amp;Mobile

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

Recent Articles

Feds Hit with Successful Cyberattack, Data Stolen
Threatpost • Tara Seals • 24 Sep 2020

A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Thursday, not naming the agency but providing technical details of the attack. Hackers, it said, gained initial access by using employees’ legitimate Microsoft Office 365 log-in credentials to sign onto an agency computer remotely.
“The cyber-threat a...

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Threatpost • Lindsey O'Donnell • 14 Sep 2020

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.
Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the...

Leading US video delivery provider confirms ransomware attack
BleepingComputer • Sergiu Gatlan • 09 Sep 2020

SeaChange International, a US-based leading supplier of video delivery software solutions, has confirmed a ransomware attack that disrupted its operations during the first quarter of 2020.
The company is traded on NASDAQ as SEAC and it has locations in Poland and Brazil. Its customer list includes telecommunications companies and satellite operators such as the BBC, Cox, Verizon, AT&T, Vodafone, Direct TV, Liberty Global, and Dish Network Corporation.


...

Pioneer Kitten APT Sells Corporate Network Access
Threatpost • Elizabeth Montalbano • 01 Sep 2020

An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. The credentials would let other cybercriminal groups and APTs perform cyberespionage and other nefarious cyber-activity.
Pioneer Kitten is a hacker group that specializes in infiltrating corporate networks using open-source tools to compromise remote external services. Researchers observed an actor associated with the group advertising access to compromised network...

Iranian hackers are selling access to corporate networks
BleepingComputer • Sergiu Gatlan • 01 Sep 2020

An Iranian-backed hacker group has been observed while seeking to sell access to compromised corporate networks to other threat actors on underground forums and attempting to exploit F5 BIG-IP devices vulnerable to CVE-2020-5902 exploits.
The Iranian hackers have been active since at least 2017 and are being tracked as Pioneer Kitten by cyber-security firm Crowdstrike, as Fox Kitten [1, 2] by threat intelligence firm ClearSky, and as Parisite [1, 2] by ICS security firm Dragos.

MITRE shares this year's top 25 most dangerous software bugs
BleepingComputer • Sergiu Gatlan • 20 Aug 2020

Image: Glenn Carstens-Peters
MITRE today shared a list of the top 25 most common and dangerous weaknesses plaguing software during the last two previous years.



PLAY







...

Network intruders selling access to high-value companies
BleepingComputer • Ionut Ilascu • 11 Aug 2020

Breaching corporate networks and selling access to them is a business in and of itself. For many hackers, this is how they make their living, others do it forced by financial struggles to supplement their revenue.
One actor claiming they returned to black hat activities after laying low for a while has recently churned out network access credentials for big and small companies across the world.



PLAY
...

FBI: Iranian hackers trying to exploit critical F5 BIG-IP flaw
BleepingComputer • Sergiu Gatlan • 08 Aug 2020

The FBI warns of Iranian hackers actively attempting to exploit an unauthenticated remote code execution flaw affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks.
F5 Networks (F5) released security updates to fix the critical 10/10 CVSSv3 rating F5 Big-IP ADC vulnerability tracked as CVE-2020-5902 on July 3, 2020.



PLAY

...

FBI warns of Netwalker ransomware targeting US government and orgs
BleepingComputer • Sergiu Gatlan • 29 Jul 2020

The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices.
FBI's flash alert also provides indicators of compromise associated with the Netwalker ransomware (also known as Mailto) and includes a list of recommended mitigation measures.



PLAY
...

Hackers Look to Steal COVID-19 Vaccine Research
Threatpost • Tara Seals • 16 Jul 2020

Threat actor known as APT29 has been hard at work attempting to pilfer COVID-19 vaccine research from academic and pharmaceutical research institutions in various countries around the world, including the U.S.
That’s according to a joint alert from the U.S. Department of Homeland Security (DHS), the U.K.’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE),  issued Thursday.
The 14-page advisory details the recent activity of Russi...

Russian hackers target COVID-19 vaccine research with custom malware
BleepingComputer • Ionut Ilascu • 16 Jul 2020

Hackers likely working for Russian intelligence services have been attacking organizations involved in the research and development of a vaccine against the new coronavirus.
The activity is ongoing, attributed to the APT29 threat group, also tracked as Cozy Bear, The Dukes, and Yttrium. Targets are in the government, healthcare, diplomatic, think-tank, and energy sectors.



PLAY

...

NSA releases guidance on securing IPsec Virtual Private Networks
BleepingComputer • Sergiu Gatlan • 02 Jul 2020

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.
Besides providing organizations with recommendations on how to secure IPsec tunnels, NSA's VPN guidance also highlights the importance of using strong cryptography to protect sensitive info contained within traffic while traversing untrusted networks when connecting to remote servers.
Following these recommendations...

US govt shares list of most exploited vulnerabilities since 2016
BleepingComputer • Sergiu Gatlan • 12 May 2020

US Government cybersecurity agencies and specialists today have released a list of the top 10 routinely exploited security vulnerabilities between 2016 and 2019.
Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader US Government issued the AA20-133A alert through the National Cyber Awareness System to make it easier for organizations from the public and private sector to prioritize patching in their environments.
"The...

US govt: Hacker used stolen AD credentials to ransom hospitals
BleepingComputer • Sergiu Gatlan • 18 Apr 2020

Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using Active Directory credentials stolen months after exploiting a known pre-auth remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.
Even though the vulnerability tracked as CVE-2019-11510 was patched by Pulse Secure one year ago, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations in January 2020 to patch their Pulse Secure VPN server...

DHS Urges Pulse Secure VPN Users To Update Passwords
Threatpost • Lindsey O'Donnell • 17 Apr 2020

The Department of Homeland Security (DHS) is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN.
DHS warns that the Pulse Secure VPN patches may have come too late. Government officials say before the patches were deployed, bad actors were able to compromise Active Directory accounts. So even those who have patched for the bug could still be c...

Chinese Hackers Use Cisco, Citrix, Zoho Exploits In Targeted Attacks
BleepingComputer • Sergiu Gatlan • 25 Mar 2020

The Chinese state-sponsored group APT41 has been at the helm of a range of attacks that used recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe.
It is not known if the campaign that started in January 2020 was designed to take advantage of companies having to focus on setting up everything needed by their remote workers while in COVID-19 lockdown or quarantine but, as FireEye resea...

UK Fintech Firm Finastra Hit By Ransomware, Shuts Down Servers
BleepingComputer • Sergiu Gatlan • 20 Mar 2020

Finastra, a leading financial technology provider from the UK, announced that it had to take several servers offline following a ransomware attack detected earlier today.
The fintech company provides financial software and services to more than 9,000 customers of all sizes from 130 countries across the globe, including 90 of the top 100 banks globally.
Finastra also has over 10,000 employees working from 42 offices, including London, New York, and Toronto, and a $1.9 billion in re...

US Govt Shares Tips on Securing VPNs Used by Remote Workers
BleepingComputer • Sergiu Gatlan • 13 Mar 2020

The Department of Homeland Security's cybersecurity agency today shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations have made working from home the default for their employees in response to the Coronavirus disease (COVID-19) pandemic.
"As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity," an alert publ...

FBI Releases Alert on Iranian Hackers' Defacement Techniques
BleepingComputer • Sergiu Gatlan • 27 Jan 2020

The FBI Cyber Division issued a flash security alert earlier this month with additional indicators of compromise from recent defacement attacks operated by Iranian threat actors and info on attackers' TTPs to help administrators and users to protect their websites.
The Cybersecurity and Information Security Agency (CISA) also published a reminder on the same day to provide cybersecurity best practices on safeguarding websites from cyberattacks that could lead to defacement or data breaches...

FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
BleepingComputer • Sergiu Gatlan • 17 Jan 2020

FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers.
The US Cybersecurity and Infrastructure Security Agency (CISA) previously alerted organizations on January 10 to patch their Pulse Secure VPN servers against ongoing attacks trying to exploit the flaw tracked as CVE-2019-11510.
This bug enables unauthenticated remo...

US Govt Warns of Attacks on Unpatched Pulse VPN Servers
BleepingComputer • Sergiu Gatlan • 10 Jan 2020

The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.
This warning follows another alert issued by CISA in October 2019, and others coming from the National Security Agency (NSA), the Canadian Centre for Cyber Security, and UK's National Cyber Security Center (NCSC).
Pulse Secure reported the vulnerabi...

That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time
The Register • Shaun Nichols in San Francisco • 07 Jan 2020

Plug this security bypass... if you can even find the boxes running it

Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties.
British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.
The vulnerability in question, CVE-2019-11510, was among the bugs patched back in April by an out-of-band update. The flaw is p...

Sodinokibi Ransomware Behind Travelex Fiasco: Report
Threatpost • Tara Seals • 07 Jan 2020

The Sodinokibi ransomware strain is apparently behind the New Year’s Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services.
The criminals behind the attack are demanding a six-figure sum in return for the decryption key, according to reports, and are directing the company to a payment website hosted in Colorado.
“It is just business. We absolutely do not care about you or your details, except gettin...

Sodinokibi Ransomware Hits Travelex, Demands $3 Million
BleepingComputer • Ionut Ilascu • 06 Jan 2020

It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware.
The attack occurred on December 31 and affected some Travelex services. This prompted the company to take offline all its computer systems, a precaution meant "to protect data and prevent the spread of the virus."
As a result, customers could ...

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
Threatpost • Elizabeth Montalbano • 08 Oct 2019

State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials.
The National Security Agency (NSA) issued a Cybersecurity Advisory Monday about the threats and offered mitigation suggestions, warning that multiple APT actors have weaponized three critical vulnerabilities first published in August–C...

The Register

An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information.
This is according to Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA), which on Thursday went into technical detail on how an intruder: broke into staffers' Office 365 accounts; gained access the agency's internal network via its VPN; and installed malware and exfiltrated data.
"CISA became aware – via EINSTEIN, CISA's intrusion detection syste...

Black Kingdom ransomware hacks networks with Pulse VPN flaws
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Operators of Black Kingdom ransomware are targeting enterprises with unpatched Pulse Secure VPN software or initial access on the network, security researchers have found.
The malware got caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.
They’re exploiting CVE-2019-11510, a critical vulnerability affecting earlier versions of Pulse Secure VPN that was patched in April 2019. Companies delayed updating their software even after ...

The Register

Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.
The warning mirrors one issued earlier this week for exactly the same vendors, except with China as the malevolent party instead of Iran.
“CISA and FBI are aware of a widespread campaign from an Iran-based malicious cybe...

Ransomware's big jump: ransoms grew 14 times in one year
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year.
There are well over a dozen operators in the ransomware-as-a-service (RaaS) game, each with a host of affiliates that focus on enterprise targets across the world.
Since the infamous GandCrab group called it quits in mid-2019, the ransomware landscape changed drastically. The ...

Nation-state hackers are targeting COVID-19 response orgs
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups according to a joint advisory issued today by cyber-security agencies from the US and the UK.
Healthcare bodies, medical research organizations, pharmaceutical companies, academia, and local governments are some examples of organizations currently being targeted by state-backed hacking groups.
"APT actors frequently target organizati...

The Register

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.
Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted.
In a joint statement, the FBI and Homeland Security's Cybersecu...

Staples' order tracking system led to exposing customer info
BleepingComputer • Ionut Ilascu • 01 Jan 1970

The reason for the recent notification from Staples to some of its customers about exposed order details was caused by insufficient protections for retrieving shopper information from current and past orders.
Staples said that they found no evidence of unauthorized purchases on behalf of impacted customers and that they fixed the issue.



PLAY


<...

Staples data breach caused by bug in order tracking system
BleepingComputer • Ionut Ilascu • 01 Jan 1970

The reason for the recent notification from Staples to some of its customers about exposed order details was caused by insufficient protections for retrieving shopper information from current and past orders.
Staples said that they found no evidence of unauthorized purchases on behalf of impacted customers and that they fixed the issue.



PLAY


<...