Companies using Pulse Secure’s mobile VPN should fix vulnerabilities that are reportedly being exploited in the wild, possibly by a “Chinese spy actor.”
The patch –available here– Is considered important enough that the Agency for Cybersecurity and Infrastructure Security (CISA) has given federal agencies April 23rd to apply it.
According to CISA guidelines, federal users of Pulse Connect Secure VPNs must use the company’s free utility to determine if their devices are vulnerable.
If the vulnerability is identified, affected Pulse Secure government software and devices must be immediately isolated from the network and a full report must be drawn up. In addition to the vulnerability detection tool, Pulse Secure has released a replacement XML configuration file that prevents the exploits from working on affected devices.
“Organizations should review available forensic evidence to determine whether an attacker has compromised …