US CISA: Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors, thanks to CVE-2019-11510
Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors, according to a warning issued by U.S. CERT. Affected organizations that have not applied the software patch for a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can be compromised in an attack. Although Pulse Secure disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510. CISA expects to see continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes.
The cyber security experts: Threat actors may be able to gain access to all active users and their plain-text credentials, and also execute arbitrary commands
According to the cyber security experts, a remote, unauthenticated attacker may be able to compromise a vulnerable VPN server. The attacker may be able to gain access to all active users and their plain-text credentials. It may also be possible for the attacker to execute arbitrary commands on each VPN client as it successfully connects to the VPN server. Moreover, this vulnerability has no viable workarounds except for applying the patches provided by the vendor and performing required system updates.