MCPmag

VPN Vulnerability Found in Ivanti's Pulse Connect Secure

Ivanti recently issued a warning about a new security vulnerability in its Pulse Connect Secure VPN appliances that enables "an unauthenticated user to perform remote arbitrary file execution on the ...
Redmond Magazine

Pulse Connect Secure VPN Gateway Has New 'Critical' Vulnerability Under Exploit

Ivanti's Pulse Secure on Tuesday noted that a new security vulnerability has been found in its Pulse Connect Secure VPN appliances. The new vulnerability (CVE-2021-22893) enables "an unauthenticated ...
Network World

Organizations need to patch Pulse Secure VPNs

Vulnerabilities in Pulse Connect Secure VPN software have reportedly been exploited by attackers, some believed linked to China, to compromise networks. Organizations using Pulse Secure’s mobile VPN ...

Fake enterprise VPN sites used to steal company credentials

A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal ...
Bleeping Computer

Pulse Secure fixes VPN zero-day used to hack high-value targets

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt ...
Ars Technica

Hackers are exploiting a Pulse Secure 0-day to breach orgs around the world

Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft ...
HHS

Pulse Connect Secure VPNs Still Under Attack

Two China-linked threat groups are still exploiting unpatched flaws in Ivanti's Pulse Connect Secure VPN products, using additional malware variants to support cyberespionage, FireEye's Mandiant ...
SDxCentral

Homeland Security Uncovers VPN Flaw in Cisco, F5, Palo Alto Networks, Pulse Secure

The National Cybersecurity and Communications Integration Center (NCCIC), the Department of Homeland Security’s cybersecurity division, published an alert on Friday highlighting a flaw found in a ...
CRN

Pulse Secure Urges Patch Deployment After VPN Server Passwords Leaked

The developer of secure access solutions said it estimates that 97 percent of customers have already applied the patch. Pulse Secure, a developer of secure access solutions, on Wednesday urged ...
ZDNet

Hacker leaks passwords for 900+ enterprise VPN servers

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. Also: The best VPNs in 2020 ZDNet, which ...
Microsoft

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since ...
CSOonline

Optimizing VPNs for security: 5 key tasks

As the need to support remote workers becomes long-term, it's wise to check your VPN configuration to minimize vulnerabilities. It appears that companies will need to support and protect ...