"Pulse Secure Patches Critical Zero-Day Flaw"

Pulse Secure has patched a critical zero-day vulnerability that multiple APT groups were exploiting to target US defense companies, among other entities. The new security update fixes CVE-2021-22893, a critical authentication bypass vulnerability in the Pulse Connect Secure VPN product, which has a CVSS score of 10.0. Attackers exploited the vulnerability in combination with bugs from 2019 and 2020, which the vendor had patched but some organizations had not applied the fixes for, to bypass multi-factor authentication on the product. This allowed attackers to deploy webshells for persistence and perform surveillance activities. Researchers had linked 12 malware families, and at least one state-sponsored attack group, APT5, to exploitation of the vulnerability. Reports of these attacks first started to appear around two weeks ago, with both the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) issuing warnings to organizations.

 

Infosecurity reports: "Pulse Secure Patches Critical Zero-Day Flaw"

Submitted by Anonymous on