In Pulse Secure Pulse Connect Secure (PCS) 8.2 prior to 8.2R12.1, 8.3 prior to 8.3R7.1, and 9.0 prior to 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ivanti connect secure 9.0 |
||
ivanti connect secure 8.2 |
||
ivanti connect secure 8.3 |
A look at the cyber security trends from the third quarter of 2020.
Posted: 18 Dec, 20203 Min ReadThreat Intelligence SubscribeThreat Landscape Trends – Q3 2020A look at the cyber security trends from the third quarter of 2020.We took a look through telemetry from our vast range of data sources and selected some of the trends that stood out from July, August, and September 2020 From significant increases in Emotet and Cobalt Strike activity to a spike in the number of server vulnerability exploit attempts, let...
Get our weekly newsletter Am I only dreaming, or is this burning an Eternal Blue?
Some vulnerabilities remain unreported for the longest time. The 12-year-old Dell SupportAssist remote code execution (RCE) flaw – which was finally unearthed earlier this year – would be one example. Others, however, have not only been long since reported and had patches released, but continue to pose a threat to enterprises. A joint advisory from the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA), published in late July, listed the ...
Crucial flaw won't be fixed until next month Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws
Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month. On Tuesday, IT software supplier Ivanti, the parent of Pulse Secure, issued a wake-up call to its customers by revealing it looks as though select clients were compromised via their encrypted gateways. "There is a new issue,...
You know that update thing? JFDI
Out of the top five vulnerabilities for 2020 three dated back to 2019 or earlier, according to infosec firm Tenable's annual threat report. While Zerologon was the company's number one insecurity for 2020, the hoary old Pulse Secure VPN vuln (CVE-2019-11510) was number three, while flaws in Citrix and Fortinet connectivity platforms dating from 2019 and 2018 respectively were also up there. "As long as unpatched vulnerabilities remain a problem for organizations, you can expect us to keep harpin...
Hacker had set up shop on network using stolen Office 365 accounts Feeling bad about your last security audit? Check out what just happened to the US Department of Interior
An unspecified US government agency was hacked by a miscreant who appears to have made off with archives of information. This is according to Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA), which on Thursday went into technical detail on how an intruder: broke into staffers' Office 365 accounts; gained access the agency's internal network via its VPN; and installed malware and exfiltrated data. "CISA became aware – via EINSTEIN, CISA's intrusion detection system that monit...
Please just patch your infrastructure, begs US-CISA What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds
Where Chinese hackers exploit, Iranians aren’t far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure. The warning mirrors one issued earlier this week for exactly the same vendors, except with China as the malevolent party instead of Iran. “CISA and FBI are aware of a widespread campaign from an Iran-based malicious cyber actor targ...
Beijing's snoops don't even need zero-days to break into valuable networks
The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. Yes, this sounds like something from the Department of the Bleeding Obvious – spies do spying on all sides, and all that – but what's interesting in this latest warning is the roll call of vulnerable products being targeted. In a joint statement, the FBI and Homeland Security's Cybersecurity and Inf...
Plug this security bypass... if you can even find the boxes running it Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads
Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties. British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks. The vulnerability in question, CVE-2019-11510, was among the bugs patched back in April by an out-of-band update. The flaw is present in Pu...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Malicious cyber actors go after 2021's biggest misses, spend less time on the classics
Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021 , according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies. It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years. Of course, the US Cyb...