Computer Weekly

Chinese APT exploits critical CVE in Pulse Secure VPN

Users of Pulse Secure VPN are being urged to patch a newly disclosed authentication bypass zero-day that enables an unauthenticated user to perform remote arbitrary file execution on the Pulse Secure ...
Bleeping Computer

Pulse Secure fixes VPN zero-day used to hack high-value targets

Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt ...
Bleeping Computer

CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure ...
Threat Post

DHS Urges Pulse Secure VPN Users To Update Passwords

The DHS urged organizations to update their passwords and make sure that a critical Pulse Secure VPN flaw has been patched, as attackers continue to exploit the flaw. The Department of Homeland ...
Threat Post

Pulse Secure VPNs Get Quick Fix for Critical RCE

One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again. Pulse Secure has issued a workaround for ...
Dark Reading

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

VPN provider Pulse Secure on Monday urged customers to immediately apply a security patch if they have not yet done so. The company issued the patch last April to address a critical, remotely ...
CRN

Hackers Exploit SolarWinds, Pulse Secure For Credential Theft: Feds

Hackers entered the unidentified victim’s network through a Pulse Secure VPN appliance, moved laterally to the victim’s SolarWinds Orion sever, installed Supernova malware, and stole credentials, ...