HomeCyber SecurityPulse Connect Secure Vulnerability Used to Target Water Agency, Verizon

Pulse Connect Secure Vulnerability Used to Target Water Agency, Verizon

By Scott Caveza, research engineering manager, Tenable

The trend of attacks against critical infrastructure continues as news broke overnight that Verizon and one of the largest water agencies in the US were reportedly among the group targeted in the hack of Pulse Connect Secure devices. An out-of-band advisory warning that foreign threat actors were targeting previously known vulnerabilities in Pulse Secure was issued on April 20 but the scale of the hack is now starting to become clear.

“On April 20, Pulse Secure released an out-of-band advisory warning that foreign threat actors were targeting three previously known vulnerabilities (CVE-2019-11510, CVE-2020-8243 and CVE-2020-8260) along with a newly discovered critical authentication bypass zero-day vulnerability (CVE-2021-22893). In the months since, we are now learning about new victims in these attacks as we continue to see attackers leveraging well-known vulnerabilities in their attack chains. CVE-2019-11510, which has been exploited in the wild since details became public in August 2019, was one of the Top 5 vulnerabilities in Tenable’s 2020 Threat Landscape Retrospective report because of its ease of exploitation and widespread exploitation.

“Bad actors are targeting core infrastructure and organisations very aggressively. Patching and securing critical devices must remain a top priority for defenders who should be implementing compensating controls wherever this is not practical. Attackers have had continued success exploiting known vulnerabilities, many with easily identified public proof-of-concept code and patches readily available. Among other things, attackers are targeting networks through VPNs to gain entry into private networks.”

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS