Posted on Thursday, 07 May 2020

Pulse Secure Vulnerability.

By Dave Buckley

On 16th of April 2020, CISA released an alert covering continued exploitation of Pulse Secure VPNs after patching. This is an update to the original alert that CISA published in January 2020, which advised organisations to immediately patch CVE-2019-11510. Pulse Secure released patches for this vulnerability in April 2019 (SA44101).

https://www.us-cert.gov/ncas/alerts/aa20-010a

https://www.us-cert.gov/ncas/alerts/aa20-107a

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

CISA is providing this update to alert administrators that threat actors who successfully exploited CVE-2019-11510 and stole a victim organization’s credentials will still be able to access and move laterally through that organization’s network after the organization has patched this vulnerability if the organization did not change those stolen credentials.

The alert also provides new detection methods for this activity and a tool that helps network administrators search for indicators of a compromise.

https://github.com/cisagov/check-your-pulse

Mitigations

CISA strongly urges organizations that have not yet done so to upgrade their Pulse Secure VPN to the corresponding patches for CVE-2019-11510. If, after applying the detection measures in this alert, organizations detect evidence of CVE-2019-11510 exploitation, CISA recommends changing passwords for all Active Directory accounts, including administrators and service accounts.

CISA also recommends that organizations:

  • Look for unauthorized applications and scheduled tasks in their environment.
  • Remove any remote access programs not approved by the organization.
  • Remove any remote access trojans.
  • Carefully inspect scheduled tasks for scripts or executables that may allow an attacker to connect to an environment.
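
One way to triage the scheduled-task checks above across many hosts, as an added example that is not from the CISA alert or from Aristi: the Python below reads the CSV produced by `schtasks /query /fo CSV /v` and flags tasks whose action deserves a manual look. The heuristics, the `review_tasks` function, the approved-task list and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
import re

# Heuristics below are assumptions for this example; tune them per environment.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp|appdata)\\|%(temp|appdata|public)%", re.I)
INTERPRETER = re.compile(r"\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b", re.I)
ENCODED_OR_URL = re.compile(r"-enc(odedcommand)?\b|https?://", re.I)
SYSTEM_ACCOUNTS = {"SYSTEM", "NT AUTHORITY\\SYSTEM"}

def review_tasks(csv_text, approved_tasks=()):
    """Return [(task_name, [reasons])] for tasks that need human review."""
    approved = {name.lower() for name in approved_tasks}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row.get("TaskName", "")
        # schtasks can repeat the header row between task folders; skip it.
        if name == "TaskName" or name.lower() in approved:
            continue
        action = row.get("Task To Run", "")
        reasons = []
        if USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable path")
        if INTERPRETER.search(action):
            reasons.append("launches a script interpreter or LOLBin")
        if ENCODED_OR_URL.search(action):
            reasons.append("encoded command or URL in arguments")
        # Privilege only raises priority when something else already looks odd.
        if reasons and row.get("Run As User", "").upper() in SYSTEM_ACCOUNTS:
            reasons.append("runs as SYSTEM")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample export (not real data), reduced to the columns used here.
SAMPLE = r'''"HostName","TaskName","Author","Task To Run","Run As User"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o","SYSTEM"
"HostName","TaskName","Author","Task To Run","Run As User"
"WS01","\Updater","WS01\admin","C:\Users\Public\svc.exe","SYSTEM"
"WS01","\SyncJob","CORP\jsmith","powershell.exe -enc PLACEHOLDER","CORP\jsmith"
"WS01","\BackupAgent","Vendor","C:\Program Files\Vendor\agent.exe","SYSTEM"
'''

if __name__ == "__main__":
    for task, why in review_tasks(SAMPLE):
        print(f"{task}: {'; '.join(why)}")
```

A flagged task is a lead for review, not proof of compromise; pass known-good task names through `approved_tasks` to cut noise.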

If organizations find evidence of malicious, suspicious, or anomalous activity or files, they should consider reimaging the workstation or server and redeploying back into the environment. CISA recommends performing checks to ensure the infection is gone even if the workstation or host has been reimaged.
