Threat actors are targeting one newly discovered and three previously known vulnerabilities in Pulse Connect Secure enterprise VPNs, according to a CISA emergency directive and alert, as well as blog posts by FireEye and Ivanti. There is no indication the identified backdoors were introduced through a supply chain compromise of the company s network or software deployment process, FireEye noted.
By
Brad D. Williams on April 20, 2021 at 9:00 PM
Get Permission
A new zero-day vulnerability in Ivanti s Pulse Connect Secure products is being combined with recently patched flaws to attack U.S. federal agencies.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that U.S. federal agencies and other entities have been compromised by two attack groups. Their primary goals are maintaining long-term access to networks, collecting credentials, and stealing proprietary data, says Charles Carmakal, senior vice president and CTO with FireEye Mandiant. We believe that multiple cyberespionage groups are using these exploits and tools, and there are some similarities between portions of this activity and a Chinese actor we call APT5.
Published: April 21st, 2021
Hackers steal driver’s licence numbers, an energy company drained of customer account data and be careful of this Wi-Fi air fryer.
Welcome to Cyber Security Today. It’s Wednesday, April 21. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Insurance company Geicois alerting customers that hackers got into its system and stole drivers’ licence numbers. Sometime between January 21st and March 1st the hackers used information about customers they got from other places to log into Geico’s online sales website. Combined with a person’s name and address, a driver’s licence number could be used for verification of identity when fraudulently applying for unemployment benefits. Geico is warning customers to alert their state unemployment agency if they get any mailings about benefits that weren’t applied for.
China-Linked Hackers Used VPN Flaw to Target US Defense Industry: Researchers theepochtimes.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from theepochtimes.com Daily Mail and Mail on Sunday newspapers.
CISA said it was issuing the directive amid evidence of “ongoing exploitation” of the vulnerabilities occurring, adding the activity started as far back as June 2020 and has claimed numerous victims.
Specifically, CISA said the vulnerabilities have so far been exploited to result in compromises of U.S. government agencies, critical infrastructure entities and private sector organizations alike.
CISA explained that successful exploitation of the Pulse Connect Secure vulnerabilities could enable a hacker to gain persistent access into a system where the software has been installed.
“CISA has determined that this exploitation of Pulse Connect Secure products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” the agency stated.