Security News > 2020 > January > That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time

Hackers are taking advantage of unpatched enterprise VPN setups specifically, a long-known bug in Pulse Secure's code to spread ransomware and other nasties.

British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.

Now, months after the fixes were posted, Beaumont has investigated multiple ransomware infections and has confirmed that the Pulse Secure vulnerabilities were the entry point into the network for the hackers spreading the file-scrambling Sodinokibi nasty.

"Pulse Secure publicly provided a patch fix on April 24, 2019 that should be immediately applied to the Pulse Connect Secure. The CVE2019-1150 vulnerability is highly critical. Customers that have already applied this patch would not be vulnerable to this malware exploit. As we have communicated earlier, we urge all customers to apply the patch fix," the biz said.

Earlier this week, for an update on his website, Bad Packets Report's Troy Mursch ran a vulnerability scan finding that 3,826 Pulse Secure VPN servers worldwide remain vulnerable.

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/07/pulse_secure_attacks/