Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

When implementing any security control, like a VPN, it’s good practice to consider that your security has worsened until you have established some way of monitoring and ensuring the continued effectiveness of that control. Implementing a VPN, especially in the consumer space, might be harming your security posture…:

VPN provider Pulse Secure on Monday urged customers to immediately apply a security patch if they have not yet done so. The company issued the patch last April to address a critical, remotely executable flaw in some versions of its products.

The advice stemmed from reports over the last few days of attackers exploiting the flaw — tracked as CVE-2019-1150 — to deliver ransomware on enterprise systems and to delete data backups and disable endpoint security tools.

Among those believed affected in the ongoing campaign is travel insurance and currency exchange provider Travelex, which experienced a massive service disruption this week following a reported ransomware attack on its systems on New Year’s Eve. The attack, involving the use of ransomware known as REvil (Sodinokibi), forced the company to take all of its systems offline and to resort to manual operations at branches worldwide.

Travelex did not respond immediately to a Dark Reading request seeking an update on the incident.

UK security researcher Kevin Beaumont, who first reported the attacks on Saturday, described at least two organizations as having been compromised so far by recent attacks targeting the Pulse Secure VPN flaw.

“Pulse Secure publicly provided a patch fix on April 24, 2019 that should be immediately applied to the Pulse Connect Secure [VPN],” says Scott Gordon, chief marketing officer at Pulse Secure. “Do not delay as the CVE-2019-1150 vulnerability is highly critical,” he warns.

[…]

Original article here