Two China-linked threat groups are still exploiting unpatched flaws in Ivanti's Pulse Connect Secure VPN products, using additional malware variants to support
In many instances, the attackers took advantage of an authentication bypass vulnerability in the Pulse Connect Secure (PCS) appliance (CVE-2021-22893) and a combination of previously known vulnerabilities to gain initial access on a victim network. The authentication bypass flaw was discovered and patched last month but only after attackers had begun exploiting it in the wild. However, Mandiant researchers were often unable to determine an initial access vector because the threat actors deleted or altered forensic evidence or the Pulse Secure appliance itself had gone through software updates that destroyed evidence of initial compromise.
Mandiant's warning this week on the advanced persistent threat (APT) activity from China targeted at US and European companies is an update to a warning it had issued last month on the same issue. In that alert, Mandiant had reported on two China-based groups, UNC2630 and UNC2717, using a battery of malware tools to target vulnerabilities in Pu
One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again.
Pulse Secure has issued a workaround for a critical remote-code execution (RCE) vulnerability in its Pulse Connect Secure (PCS) VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges.
Pulse Secure’s parent company, Ivanti, issued an out-of-band advisory on May 14. The company explained that this high-severity bug – identified as CVE-2021-22908 and rated CVSS 8.5 – affects Pulse Connect Secure versions 9.0Rx and 9.1Rx.
“Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user,” according to the advisory. “As of version 9.1R3, this permission is not enabled by default.”
CISA received $650 million from the American Rescue Plan Act, but the agency's top officials have described that as only a "down payment" to move the government's cybersecurity efforts.
Biden Signs Sweeping Executive Order on Cybersecurity
DougOlenick) • May 12, 2021
President Joe Biden signed an extensive executive order Wednesday detailing the government's plan to increase cybersecurity protection across the public and private sectors, as well as securing the nation's digital infrastructure against the type of attack that targeted SolarWinds and its customers.
The Executive Order on Improving the Nation’s Cybersecurity covers a myriad of topics, including improving the ability of the public and private sectors to share intelligence; modernizing the federal government's approach to cybersecurity; and enhancing supply chain security.
The executive order, which had been expected for weeks, is part of the Biden administration's response to a series of cybersecurity incidents that have happened over the last several months, including th