Two weeks after researchers warned that attackers in China were exploiting a newly discovered one Vulnerability in the Pulse Connect Secure VPN ApplianceThe company has released a patch for this bug, along with several others that can be used for remote code execution.

The vulnerability that emerged in April (CVE-2021-22893) is in fact a collection of several afterthoughts in Pulse Connect Secure. Attackers have been using the shortcomings for some time, maybe for several years. Mandiant specialists discovered the attack activity a few months ago as part of an incident response investigation and said a newly identified group the company calls UNC2630 had exploited the flaws. Other groups may also have targeted the vulnerabilities.

“Earlier this year, Mandiant investigated multiple interventions in defense, government and financial organizations around the world. With each intrusion, the earliest evidence of the attacker’s activity was traced …



Source link

Leave a Reply