Pulse Connect Secure Vulnerability Used to Target Water Agency, Verizon
“On April 20, Pulse Secure released an out-of-band advisory warning that foreign threat actors were targeting three previously known vulnerabilities (CVE-2019-11510, CVE-2020-8243 and CVE-2020-8260) along with a newly discovered critical authentication bypass zero-day vulnerability (CVE-2021-22893). In the months since, we are now learning about new victims in these attacks as we continue to see attackers leveraging well-known vulnerabilities in their attack chains. CVE-2019-11510, which has been exploited in the wild since details became public in August 2019, was one of the Top 5 vulnerabilities in Tenable’s 2020 Threat Landscape Retrospective report because of its ease of exploitation and widespread exploitation.
“Bad actors are targeting core infrastructure and organisations very aggressively. Patching and securing critical devices must remain a top priority for defenders who should be implementing compensating controls wherever this is not practical. Attackers have had continued success exploiting known vulnerabilities, many with easily identified public proof-of-concept code and patches readily available. Among other things, attackers are targeting networks through VPNs to gain entry into private networks.” — Scott Caveza, research engineering manager, Tenable
ESPL signs Tiger Shroff as the face of the first-ever franchise based Esports
