Security News > 2020 > June > 'Black Kingdom' Ransomware Operators Target Pulse Secure VPNs

'Black Kingdom' Ransomware Operators Target Pulse Secure VPNs
2020-06-16 14:11

Researchers at Poland-based cybersecurity firm REDTEAM.PL have observed Black Kingdom ransomware attacks that exploit a Pulse Secure VPN vulnerability patched last year.

Tracked as CVE-2019-11510 and featuring a CVSS score of 10, the vulnerability was the most severe of several security flaws identified in enterprise VPNs from Pulse Secure.

An arbitrary file read issue, the bug could allow unauthenticated attackers to exfiltrate credentials that can then be used in combination with a remote command injection vulnerability in Pulse Secure products to compromise private VPN networks.

Pulse Secure released patches for the identified issues in April 2019, and said in August 2019 that most customers had already installed them.

Now, REDTEAM.PL says that the threat actor behind the Black Kingdom ransomware is also exploiting CVE-2019-11510 to compromise enterprise infrastructure.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Frg5DNoDCVk/black-kingdom-ransomware-operators-target-pulse-secure-vpns

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-05-08 CVE-2019-11510 Path Traversal vulnerability in Ivanti Connect Secure 8.2/8.3/9.0
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
network
low complexity
ivanti CWE-22
critical
10.0