Security News > 2021 > April > Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
A variety of attack tools by a variety of threat actors are involved in exploiting the Pulse Secure systems, including four variants of a novel malware family FireEye/Mandiant has named SLOWPULSE. Three of the four variants of SLOWPULSE allow attackers to bypass two-factor authentication mechanisms in the VPN system.
There is no information yet as to whether or which industrial or critical infrastructure sites might have been targeted.
The Pulse Secure VPN zero-day allowed attackers to bypass multi-factor authentication.
The secure remote access technology that the world's most secure industrial sites use is unidirectional remote screen view technology.
More generally, the Pulse Secure incident is an example of the second law of SCADA security - "All software can be hacked." All software has defects after all, some of which are security vulnerabilities.
The second law applies to all software, including VPN software, two-factor authentication software and, for that matter, unidirectional remote screen view software.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/xoNI-fySZhE/
Related news
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)
- Docker fixes critical 5-year old authentication bypass flaw (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- Hackers target new MOVEit Transfer critical auth bypass bug (source)
- Ransomware continues to pile on costs for critical infrastructure victims (source)
- Two Russians sanctioned over cyberattacks on US critical infrastructure (source)
- New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure (source)