More US agencies potentially hacked, this time with Pulse Secure exploits

More US agencies potentially hacked, this time with Pulse Secure exploits

Enlarge (credit: Getty Images)

At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday.

The vulnerabilities in Pulse Connect Secure, a VPN that employees use to remotely connect to large networks, include one that hackers had been actively exploiting before it was known to Ivanti, the maker of the product. The flaw, which Ivanti disclosed last week, carries a severity rating of 10 out of a possible 10. The authentication bypass vulnerability allows untrusted users to remotely execute malicious code on Pulse Secure hardware, and from there, to gain control of other parts of the network where it's installed.

Federal agencies, critical infrastructure, and more

Security firm FireEye said in a report published on the same day as the Ivanti disclosure that hackers linked to China spent months exploiting the critical vulnerability to spy on US defense contractors and financial institutions around the world. Ivanti confirmed in a separate post that the zeroday vulnerability, tracked as CVE-2021-22893, was under active exploit.

Read 9 remaining paragraphs | Comments



from RSSMix.com Mix ID 8290670 https://ift.tt/2ScMsG5

Comments

Post a Comment

Popular posts from this blog

Index and Credo lead a $2.75M seed in anti-fraud tech, Resistant AI

Image
Prague based Resistant AI has nabbed a $2.75M seed round. The security startup’s machine learning technology is designed to be deployed on top of AI systems used for financial decision making to protect customers in markets such as financial services and ecommerce from attacks such as targeted manipulation, adversarial machine learning and advanced fraud. The seed round was co-led by Index Ventures (Jan Hammer) and Credo Ventures (Ondrej Bartos and Vladislav Jez). Seedcamp also participating, along with Daniel Dines, CEO of UiPath; Michal Pechoucek, CTO of Avast and other unnamed angel investors. Bartos joins the board of directors on behalf of the investors. The startup sells an additional layer of protection that’s specifically designed for tightening security around automated functions such as credit risk scoring and anti-money laundering by using tech to detect fake documents that feed such systems. Its tech is also aimed at uncovering suspicious patterns of transactions whic...
Read more

UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is "theoretical" (Joseph Cox/Motherboard)

Image
Joseph Cox / Motherboard : UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is “theoretical”   —  Motherboard has identified a specific UK bank that has fallen victim to so-called SS7 attacks, and sources say the issue is wider than previously reported. from Techmeme http://bit.ly/2FYYCex
Read more

This Week in Apps: Facebook’s other Clubhouse rival, Apple details ATT, App Store trial nears

Image
Welcome back to This Week in Apps,  the weekly TechCrunch series  that recaps the latest in mobile OS news, mobile applications and the overall app economy. The app industry is as hot as ever, with a record  218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also  spent  3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices. Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a  combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year. This Week in Apps will soon be a newsletter! Sign up here: techcrunch.com/news...
Read more