CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

ronjor · Apr 20, 2021

Original release date: April 20, 2021

CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.
In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to offer technical details regarding this activity. Ivanti has provided a mitigation and is developing a patch.
CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to follow the guidance in Alert AA21-110A, which includes:
Click to expand...

ronjor · Apr 20, 2021

CISA Issues Emergency Directive on Pulse Connect Secure

Original release date: April 20, 2021
CISA has issued Emergency Directive (ED) 21-03, as well as Alert AA21-110A, to address the exploitation of vulnerabilities affecting Pulse Connect Secure (PCS) software. An attacker could exploit these vulnerabilities to gain persistent system access and take control of the enterprise network operating the vulnerable PCS device. These vulnerabilities are being exploited in the wild.
Click to expand...

Specifically, ED 21-03 directs federal departments and agencies to run the Pulse Connect Secure Integrity Tool on all instances of PCS virtual and hardware appliances to determine whether any PCS files have been maliciously modified or added.
Click to expand...

Although ED 21-03 applies to Federal Civilian Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others to run the Pulse Connect Secure Integrity Tool and review ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities for additional mitigation recommendations.
Click to expand...

hawki · Apr 30, 2021

"Five U.S. Agencies May Have Been Hacked Through Ivanti Flaws...

'CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access,'Matt Hartman, a deputy executive assistant director at CISA, said Thursday in a statement..."

https://www.bloomberg.com/news/arti...acked-through-ivanti-flaws?srnd=technology-vp

hawki · May 3, 2021

"Pulse Secure fixes VPN zero-day used to hack high-value targets

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies...

Pulse Secure also released the Pulse Connect Secure Integrity Tool to check if hackers modified any files on their Pulse Secure appliances..."

https://www.bleepingcomputer.com/ne...vpn-zero-day-used-to-hack-high-value-targets/

ronjor · May 3, 2021

Ivanti Releases Pulse Secure Security Update

Original release date: May 03, 2021
Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure (PCS) software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities on April 20 and added detection information on April 30.
Click to expand...

CISA strongly encourages customers using Ivanti Pulse Connect Secure appliances to review the blog post and apply the necessary updates. For additional information, CISA recommends reviewing the following resources and tools below.

CISA Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
Pulse Security Integrity Checker Tool
Click to expand...

guest · Aug 24, 2021

CISA Releases Five Pulse Secure-Related MARs
August 24, 2021
https://us-cert.cisa.gov/ncas/curre.../cisa-releases-five-pulse-secure-related-mars

As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following five malware analysis reports (MARs) for threat actor tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), and review CISA’s Alert, Exploitation of Pulse Connect Secure Vulnerabilities, for more information.
Click to expand...

MAR-10333243-3.v1: Pulse Connect Secure

MAR-10334057-3.v1: Pulse Connect Secure

MAR-10336935-2.v1: Pulse Connect Secure

MAR-10338401-2.v1: Pulse Connect Secure

MAR-10339606-1.v1: Pulse Connect Secure

Click to expand...

Log in or Sign up

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

ronjor Global Moderator

ronjor Global Moderator

hawki Registered Member

hawki Registered Member

ronjor Global Moderator

guest Guest

Log in or Sign up

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

ronjor Global Moderator

ronjor Global Moderator

hawki Registered Member

hawki Registered Member

ronjor Global Moderator

guest Guest

Useful Searches