Plug this security bypass... if you can even find the boxes running it
Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties.
British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.
The vulnerability in question, CVE-2019-11510, was among the bugs patched back in April by an out-of-band update. The flaw is present in Pulse Connect Secure, a VPN program pitched at enterprises for remote workers and bring-your-own-device workers. The bug can basically be abused to extract plain-text passwords, and other secr ..
Support the originator by clicking the read the rest link below.