Pulse Secure addressed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is actively used to compromise the internal networks of defense and government agencies.
Last week, cybersecurity firm FireEye announced that threat actors are being actively exploited the zero-day vulnerability, tracked as CVE-2021-22893to deploy malware on Pulse Secure devices to steal credentials and allow backdoor access to compromised networks.
A day later, the U.S. Agency for Cybersecurity and Infrastructure Security (CISA) issued an emergency policy Requesting federal authorities to reduce the vulnerability within two days by disabling the Windows File Share Browser and Pulse Secure Collaboration features.
Pulse Secure has that too Pulse Connect Secure Integrity Tool to check if hackers have modified any files on their Pulse Secure appliances.
Security update for CVE-2021-22893 released
Today Pulse Secure …