Gateways Into Corporate Networks Hacked
August 11, 2020
A hacker has published a list of plaintext usernames and passwords, along with IP addresses for more than 900 (as many as 1800 according to some reports) Pulse Secure VPN enterprise servers. Pulse Secure VPN servers usually act as access gateways into corporate networks. If compromised, they can allow hackers easy access to a company’s entire internal network, which is why APTs and ransomware gangs have targeted these systems in the past. The threat analyst Bank Security, a financial crime specialist, spotted the list and shared it with ZDNet. Bank Security believes that the hacker scanned the entire internet IPv4 address space for Pulse Secure VPN servers, used an exploit for the CVE-2019-11510 vulnerability to gain access to systems, dump server details (including usernames and passwords), and then collected all the information in one central repository. The list appears to have been compiled between June 24 and July 8. ZDNet has also reached out to another threat intelligence company, whose chief security officer said that of the 900-plus unique IP addresses found in the dump, 677 were found to be vulnerable last year, when a patch was suggested.
Read full article at:
Share this post: