Security News > 2020 > January > Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware
A widely known vulnerability affecting an enterprise VPN product from Pulse Secure has been exploited by cybercriminals to deliver a piece of ransomware, a researcher has warned.
They can use the obtained credentials in combination with a remote command injection vulnerability in Pulse Secure products, allowing them to gain access to private VPN networks.
UK-based cybersecurity researcher Kevin Beaumont reported a few days ago that he became aware of attacks exploiting the Pulse Secure vulnerability to deliver a piece of file-encrypting ransomware tracked as Sodinokibi and REvil.
Pulse Secure publicly provided a patch fix on April 24, 2019 that should be immediately applied to the Pulse Connect Secure.
"Threat Actors will take advantage of the vulnerability that was reported on Pulse Secure, Fortinet and Palo Alto VPN products - and in this case, exploit unpatched VPN servers to propagate malware, REvil, by distributing and activating the Ransomware through interactive prompts of the VPN interface to the users attempting to access resources through unpatched, vulnerable Pulse VPN servers."