Bleeping Computer

Pulse Secure fixes VPN zero-day used to hack high-value targets

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt ...
Wired

VPN Hacks Are a Slow-Motion Disaster

This year has seen no shortage of blockbuster hacks, from the SolarWinds supply chain meltdown to China’s blitz against Microsoft Exchange servers. It’s a lot. But the outsized focus on those hacking ...
HHS

Pulse Connect Secure VPNs Still Under Attack

Two China-linked threat groups are still exploiting unpatched flaws in Ivanti's Pulse Connect Secure VPN products, using additional malware variants to support cyberespionage, FireEye's Mandiant ...
Dark Reading

Nearly 4,500 Pulse Connect Secure VPNs Left Unpatched and Vulnerable

Nearly 4,500 Pulse Connect Security SSL virtual private network hosts are running unpatched server software, leaving them open to cyberattacks. A new analysis from Censys of the Pulse Connect Secure ...
Threat Post

Pulse Secure VPNs Get Quick Fix for Critical RCE

One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again. Pulse Secure has issued a workaround for ...
Threat Post

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others. Pulse Secure has rushed a fix for a critical ...