VPN Services Attacked By CVE-2019-11510 Vulnerability - Hvordan, Teknologi og pc-sikkerhed Forum | SensorsTechForum.com
CYBER NEWS

VPN Services Attacked By CVE-2019-11510 Vulnerability

1 Star2 Stars3 Stars4 Stars5 Stars (1 stemmer, gennemsnit: 5.00 ud af 5)
Loading ...

The CVE-2019-11510 vulnerability is being used against VPN providers worldwide. The available security reports indicate that a criminal collective is actively seeking to break the security barriers of several providers of VPN services. This is done by exploiting a recent vulnerability which is actively being tracked in the CVE-2019-11510 advisory.




CVE-2019-11510 Vulnerability Used Against VPN Service Providers

The CVE-2019-11510 vulnerability has been found to be used in real-time attacks against VPN providers. It appears that this is a global attack designed to attempt intrusion onto these networks by attempting to expose a weakness in them. The CVE-2019-11510 attack campaign has been tested on Pulse Connect Secure service. The company was able to react timely to the intrusion attempts and released a security announcement giving further details on the flaw. According to the released information this is classified as anauthentication by-pass vulnerabilitythat can allow non-authenticated users to access files on the service’s gateway. On affected systems this will trigger a remote code execution flaw. All Pulse Connect Secure have been patched in order to defer any possible intrusion attempts.

Relaterede: CVE-2019-15107: Remote Code Execution Vulnerability in Webmin

The problem that was associated with this threat is the ability of the hackers to use publicly available code (posted online as proof-of-concept). This makes it very easy to automate the attacks by the hackers. This is done by arming the exploit code and finding out the public-facing Internet gateways that the target VPN service is using.

Thanks to the thorough security analysis the security researchers have been able to uncover what are the actions that are to be run once the hosts are infiltrated:

  • The first step is the initial infection. This is done by succesfully exploiting the host with the CVE-2019-11510 flaw.
  • The next step is to download the system account credentials. They are done by taking the relevant file from the server’s file system.
  • From there on the infected computers can be infected with other viruses and data stolen.

A similar attack was also found to be used against government agencies, public education institutions, utility industries, financial corporations and etc.

Avatar

Martin Beltov

Martin dimitterede med en grad i Publishing fra Sofia Universitet. Som en cybersikkerhed entusiast han nyder at skrive om de nyeste trusler og mekanismer indbrud.

Flere indlæg - Websted

Følg mig:
TwitterGoogle Plus

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...