Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, government, and financial organizations around the world, Mandiant/FireEye has warned on Tuesday.
Phil Richards, the Chief Security Officer at Ivanti – the company that acquired Pulse Secure in late 2020 – said that the zero-day vulnerability “impacted a very limited number of customers,” and that the software updates plugging the flaw will be released in early May.
In the meantime, they’ve offered some workarounds that can mitigate the risk of exploitation of that particular vulnerability, as well as a tool that can help defenders check if their systems have been affected.
The attackers’ modus operandi
According to Mandiant/ ..
Support the originator by clicking the read the rest link below.
 - Help Net Security){kind=link}