That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time

That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time

Plug this security bypass... if you can even find the boxes running it


Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties.


British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.


The vulnerability in question, CVE-2019-11510, was among the bugs patched back in April by an out-of-band update. The flaw is present in Pulse Connect Secure, a VPN program pitched at enterprises for remote workers and bring-your-own-device workers. The bug can basically be abused to extract plain-text passwords, and other secr ..

Support the originator by clicking the read the rest link below.