Vulnerabilities in Pulse Connect Secure VPN software have reportedly been exploited by attackers, some believed linked to China, to compromise networks. Credit: Undefined Undefined / Getty Images Organizations using Pulse Secure’s mobile VPN should patch vulnerabilities reportedly being exploited in the wild, possibly by a “Chinese espionage actor”. The patch–available here–is considered important enough that the Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies a deadline of April 23 to apply them. CISA’s guidance states that federal users of Pulse Connect Secure VPNs must use the company’s free utility to ascertain whether their devices are vulnerable. If the vulnerability is found, affected government Pulse Secure software and appliances have to be immediately isolated from the network and a full report has to be made. In addition to the vulnerability detection tool, Pulse Secure has issued a replacement XML configuration file, which prevents the exploits from functioning when placed on affected devices. “Organizations should examine available forensic evidence to determine if an attacker compromised user credentials,” wrote FireEye cybersecurity subsidiary Mandiant in a blog post. “[Pulse Secure parent company] Ivanti highly recommends resetting all passwords in the environment and reviewing the configuration to ensure no service accounts can be used to authenticate to the vulnerability.” Pulse Secure recommends using its online Pulse Connect Secure Integrity Assurance tool to determine whether Pulse Connect Secure software has been compromised. The known exploits force the SSL VPN authentication system to reveal credentials and trick it into producing “successful login” results when checking those credentials, according to Mandiant. Several exploit techniques have been used, but the results have been the same—compromised VPN appliances and remotely executed attack code. The vulnerabilities are partially based on three known issues that were patched over the past two years, according to Pulse Secure’s own blog post on the matter. A newer flaw can allow an attacker to bypass two-factor authentication on the Pulse Secure Connect gateway and execute remote code. An exploit of that vulnerability has apparently been used by multiple groups to target U.S. defense and industrial networks. There are twelve separate families of malware attacking Pulse Secure VPNs, and multiple actors are likely using the exploit in the wild at least one of which appears to be linked to the Chinese government, said Mandiant. The APT5 group, described as a “Chinese espionage actor” in the blog post, has persistently targeted U.S. aerospace and defense companies over a period of several years, and has attacked networking and software companies in order to accomplish that end. Related content analysis At RSA, Cisco unveils Splunk integrations, Hypershield upgrades At RSA Conference 2024, Cisco announced plans to integrate its XDR platform and Splunk’s SIEM, bolster its Hypershield AI-native security architecture, and add to its Duo access-protection software. By Michael Cooney May 06, 2024 5 mins Network Management Software Network Security Networking how-to Download our Zero Trust network access (ZTNA) enterprise buyer’s guide From the editors of Network World, this enterprise buyer’s guide helps network and security IT staff understand what ZTNA can do for their organizations and how to choose the right solution. By Josh Fruhlinger and Steve Zurier May 06, 2024 1 min Network Security Enterprise Buyer’s Guides news Network jobs watch: Hiring, skills and certification trends What IT leaders need to know about expanding responsibilities, new titles and hot skills for network professionals and I&O teams. By Denise Dubie May 06, 2024 6 mins Careers Data Center Networking feature IBM’s bets on AI and hybrid cloud pay off Three key differentiators of IBM’s AI and cloud offerings are cross-platform automation, integration with multiple clouds, and tie-ins to IBM professional services. By Jeff Vance May 06, 2024 9 mins Hybrid Cloud Network Management Software Cloud Computing PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe