Security News > 2021 > April > Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system.
There is no information yet as to whether or which industrial or critical infrastructure sites might have been targeted.
The Pulse Secure VPN zero-day allowed attackers to bypass multi-factor authentication.
The secure remote access technology that the world's most secure industrial sites use is unidirectional remote screen view technology.
More generally, the Pulse Secure incident is an example of the second law of SCADA security - "All software can be hacked." All software has defects after all, some of which are security vulnerabilities.
The second law applies to all software, including VPN software, two-factor authentication software and, for that matter, unidirectional remote screen view software.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/xoNI-fySZhE/
Related news
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)