Collaborate Disseminate
Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.
The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek.
Continue reading Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz
In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by the US Cybersecurity and Infrastructure Security Agency. Most exploited vulne… Continue reading The 15 most exploited vulnerabilities in 2021
Ivanti announced that it has named Jeff Abbott as the new CEO, succeeding Jim Schaper in the role. Ivanti is backed by Clearlake Capital Group, L.P., TA Associates, and Charlesbank Capital Partners, LLC. Mr. Abbott has served as President of the compan… Continue reading Ivanti names Jeff Abbott as CEO
The patch for a vulnerability (CVE-2020-8260) in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found. This new patch bypass vulnerability that could lead to remote … Continue reading Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937)
Cato Networks announced its further expansion in Germany and the DACH region. Cato opened a new PoP in Munich and made two new appointments to the sales management team in Germany. “The new Munich point of presence (PoP) joins our Frankfurt and Z… Continue reading Cato Networks expands in Germany and the DACH region
After SolarWinds and the Exchange débâcle, here’s the third shoe to drop.
The post China Silently Hacked Gov’t and Defense for a Year or More appeared first on Security Boulevard.
Continue reading China Silently Hacked Gov’t and Defense for a Year or More
The FireEye Mandiant team has discovered multiple threat actors exploiting a zero-day vulnerability in Pulse Secure VPN appliances. The attack infrastructure is very sophisticated. The attacks persist in the VPN appliances, even across software updates… Continue reading Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
At least two-dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency. Multiple agencies have been breached, but just how many is unclear. “We’re aware of 24 agencies running Pulse Connect Secure devices, but it’s too early to determine conclusively how many have actually had the vulnerability exploited,” Scott McConnell, a spokesman for DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop on Wednesday. FireEye, the cybersecurity firm that announced the hacking campaign on Tuesday, said at least one of the two groups had links to China. The suspected Chinese hackers also targeted the trade-secret-rich defense contractors who do business with the Pentagon. CyberScoop’s review of agency records found that multiple U.S. government-funded labs conducting national security-related research appear to run Pulse Connect Secure virtual private network software, which allows employees to log […]
The post At least 24 agencies run Pulse Secure software. How many were hacked is an open question. appeared first on CyberScoop.
Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, government, and financial organizations around the world, Madiant has warned on … Continue reading Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)
Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]
The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.