CISA encourages organizations to review Security Advisory SA44858 and apply the necessary update. (Updated August 11, 2021): Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities that an attacker could exploit to take control of an affected system. (Updated July 21, 2021): Please see CISA's new Malware Analysis Reports in regards to adversary activity analyzed by CISA that were discovered on Pulse Connect Secure Devices. See Ivanti KB44755 - Pulse Connect Secure (PCS) Integrity Assurance for updated guidance to ensure the full integrity of your Pulse Connect Secure software. 2021): CISA has updated this alert to include new threat actor techniques, tactics, and procedures (TTPs), indicators of compromise (IOCs), and updated mitigations. CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to immediately run the Pulse Secure Connect Integrity Tool, update to the latest software version, and investigate for malicious activity.
The known webshells allow for a variety of functions, including authentication bypass, multi-factor authentication bypass, password logging, and persistence through patching. The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence.
To gain initial access, the threat actor is leveraging multiple vulnerabilities, including CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, and the newly disclosed CVE-2021-22893. These entities confirmed the malicious activity after running the Pulse Secure Connect Integrity Tool. Since March 31, 2021, CISA and Ivanti have assisted multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor-or actors-beginning in June 2020 or earlier related to vulnerabilities in certain Ivanti Pulse Connect Secure products.
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting a number of U.S.
0 kommentar(er)
