Two weeks after researchers warned that attackers in China were exploiting a newly discovered vulnerability in the Pulse Connect Secure VPN appliance, the company has released a patch for that flaw, along with several others that can be used for remote code execution.
The vulnerability that surfaced in April (CVE-2021-22893) is in fact a collection of several use-after-free bugs in Pulse Connect Secure. Attackers have been exploiting the flaws for some time, perhaps as long as several years. Specialists from Mandiant discovered the attack activity a few months ago during the course of an incident response investigation and said a newly identified group the company calls UNC2630 was exploiting the flaws. Other groups may also have been targeting the vulnerabilities.
Pulse Secure VPN Zero-Day Flaw Patched
May 20, 2021
May 4, 2021
Ivanti, parent company of Pulse Secure, published a permanent fix Monday for a zero-day vulnerability in Pulse Connect Secure VPN products that has been exploited to target U.S. government agencies, critical infrastructure providers and other companies over the last several weeks.
The zero-day flaw, which is tracked as CVE-2021-22893, is one of at least four vulnerabilities in Pulse Connect Secure VPN products that have been exploited by various groups, including one with connections to China, since earlier this year. In April, security firm FireEye published a report about the attacks as well as details about the zero-day bug that was being exploited (see:
By Brad D. Williams on April 30, 2021 at 1:33 PM
UPDATED: Adds information on CISA’s update today to the activity alert originally issued on April 20.
WASHINGTON: CISA confirmed today it’s investigating at least five federal agencies to determine whether they were breached via recently disclosed vulnerabilities in Pulse Connect Secure appliances.
Matt Hartman, deputy executive assistant director at CISA, said in a statement provided to Breaking Defense, “CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access. We are working with each agency to validate whether an intrusion has occurred and will offer incident response support accordingly.”
April 30, 2021
For at least the third time since the beginning of this year, the U.S. government is investigating a hack against federal agencies that began during the Trump administration but was only recently discovered, according to senior U.S. officials and private sector cyber defenders.
It is the latest supply chain cyberattack, highlighting how sophisticated, often government-backed groups are targeting vulnerable software built by third parties as a steppingstone to sensitive government and corporate computer networks.
The new government breaches involve a popular virtual private network (VPN) known as Pulse Connect Secure, which hackers were able to break into as customers used it.
Ivanti said in a statement that it was working closely with CISA and cybersecurity experts to investigate and respond quickly to malicious activity that was identified on a very limited number of customer systems. Reuters
The US Department of Homeland Security has determined that flaws in Ivanti Inc’s products may have allowed hackers to breach at least five federal agencies.
The Department’s Cybersecurity and Infrastructure Security Agency, known as CISA, has been working with organisations targeted through vulnerabilities in Ivanti’s Pulse Connect Secure products and required federal civilian agencies to run a tool designed to find them.