Security News > 2021 > April > Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system.
There is no information yet as to whether or which industrial or critical infrastructure sites might have been targeted.
The Pulse Secure VPN zero-day allowed attackers to bypass multi-factor authentication.
The secure remote access technology that the world's most secure industrial sites use is unidirectional remote screen view technology.
More generally, the Pulse Secure incident is an example of the second law of SCADA security - "All software can be hacked." All software has defects after all, some of which are security vulnerabilities.
The second law applies to all software, including VPN software, two-factor authentication software and, for that matter, unidirectional remote screen view software.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/xoNI-fySZhE/
Related news
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (source)
- PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools (source)