Security company Ivanti says it has fixed a zero-day vulnerability Pulse Connect Secure (PCS) VPN Appliances that have been actively abused to endanger the internal networks of defense companies and government agencies.
Recently Research Cyber Security and Infrastructure Security Agency (CISAA zero-day vulnerability in PCS has revealed that cybercriminals can violate at least five US federal agencies.
According to cybersecurity Our company FireEyeThis vulnerability, tracked as CVE-2021-22893, allowed an attacker to deploy malware on PCS devices, steal credentials and provide backdoor access to compromised networks.
Readers are considering how to use a VPN to create detailed reports for the future. Please let us know your opinion in the questionnaire below. It doesn’t take more than 60 seconds of your time.
>> Click here to start the survey in a new window <
FireEye attributed cyberattacks to hackers believed to be based in China.
Under constant threat
Ivanti responded by first releasing the Pulse Connect Secure Integrity Tool, which allows users to see if a hacker has modified a file on a Pulse Secure appliance.
They followed up on this by fully patching the vulnerability with the help of CISA, FireEye, and other cybersecurity experts.
“The Pulse team took immediate steps to provide direct mitigation measures to a limited number of affected customers and fixed the risks to the system. These shorts to address the vulnerabilities. We are pleased to be able to provide security patches in sequence, “says Phil. Richards, Chief Information Security Officer at Ivanti.
In light of the attack, Richards added that he is making a “significant investment” to strengthen the overall cybersecurity regime, including a broader implementation of secure application development standards.
via Bleeping Computer
Pulse Secure states that it has fixed a VPN issue where key targets were hacked
Source link Pulse Secure states that it has fixed a VPN issue where key targets were hacked