home.social

#pulsesecure — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #pulsesecure, aggregated by home.social.

  1. We're still discovering further ramifications to #Ivanti's #PulseSecure vulnerabilities (#CVE_2023_46805 & #CVE_2024_21887). In February, we identified two new backdoors: #SparkCockpit & #SparkTar. Both backdoors employ selective interception of TLS communication, offer multiple degrees of persistence and access possibilities into the victim network (e.g., traffic tunneling through SOCKS proxy).

    👀 Analysis & detection rules at blog.nviso.eu/2024/03/01/cover

    The findings of our investigation have been independently corroborated by the research performed by Mandiant and have partially been observed by Fortinet.

    #threatintel #forensics #reverseengineering

  2. True facts. AFAICT, the #Ivanti mess is technical-debt chickens coming home to roost. I was at #NetScreen when we acquired #Neoteris (originators of the #SSLVPN product), and then over the next two decades #Juniper > #PulseSecure > #Ivanti have tortured that legacy codebase with everything from FrankenNAC to PE-driven developer offshoring to bolt-on cloud-service offerings. TBH the only thing that surprises me about this is that it took so long.
    Pouring one out for what was truly a revolutionary #VPN solution when it debuted 20-some years ago...

  3. True facts. AFAICT, the #Ivanti mess is technical-debt chickens coming home to roost. I was at #NetScreen when we acquired #Neoteris (originators of the #SSLVPN product), and then over the next two decades #Juniper > #PulseSecure > #Ivanti have tortured that legacy codebase with everything from FrankenNAC to PE-driven developer offshoring to bolt-on cloud-service offerings. TBH the only thing that surprises me about this is that it took so long.
    Pouring one out for what was truly a revolutionary #VPN solution when it debuted 20-some years ago...

  4. True facts. AFAICT, the #Ivanti mess is technical-debt chickens coming home to roost. I was at #NetScreen when we acquired #Neoteris (originators of the #SSLVPN product), and then over the next two decades #Juniper > #PulseSecure > #Ivanti have tortured that legacy codebase with everything from FrankenNAC to PE-driven developer offshoring to bolt-on cloud-service offerings. TBH the only thing that surprises me about this is that it took so long.
    Pouring one out for what was truly a revolutionary #VPN solution when it debuted 20-some years ago...

  5. True facts. AFAICT, the #Ivanti mess is technical-debt chickens coming home to roost. I was at #NetScreen when we acquired #Neoteris (originators of the #SSLVPN product), and then over the next two decades #Juniper > #PulseSecure > #Ivanti have tortured that legacy codebase with everything from FrankenNAC to PE-driven developer offshoring to bolt-on cloud-service offerings. TBH the only thing that surprises me about this is that it took so long.
    Pouring one out for what was truly a revolutionary #VPN solution when it debuted 20-some years ago...

  6. True facts. AFAICT, the #Ivanti mess is technical-debt chickens coming home to roost. I was at #NetScreen when we acquired #Neoteris (originators of the #SSLVPN product), and then over the next two decades #Juniper > #PulseSecure > #Ivanti have tortured that legacy codebase with everything from FrankenNAC to PE-driven developer offshoring to bolt-on cloud-service offerings. TBH the only thing that surprises me about this is that it took so long.
    Pouring one out for what was truly a revolutionary #VPN solution when it debuted 20-some years ago...

  7. Hackers are exploiting a Pulse Secure 0day to breach orgs around the world - Enlarge (credit: CHUYN / Getty Images)
    Hackers backed by nation-states are expl... - arstechnica.com/?p=1758789 #vulnerabilities #pulsesecure #exploits #biz&it #policy #tech #vpns

  8. Mindestens zwei Gruppen attackieren Pulse Secure VPN-Appliances über eine bislang unbekannte Sicherheitslücke. Patches gibt es bislang keine. Kritische 0-Day-Lücke in Pulse Secure VPN aktiv ausgenutzt
  9. Zwei aktuelle Studien beleuchten die IT-Sicherheit in Unternehmen. Die Befragten sehen sich immer mehr Bedrohungen ausgesetzt und investieren kräftig.
    Studie: Sicherheit ist Entscheidungsträgern zu komplex
  10. Code-execution bug in Pulse Secure VPN threatens patch laggards everywhere - Enlarge (credit: Bid.in2corporate.com)
    Organizations that have yet to install the latest version ... - arstechnica.com/?p=1701334 #virtualprivatenetworks #vulnerabilities #codeexecution #pulsesecure #biz&it #tech #bugs #vpns

  11. As attacks begin, Citrix ships patch for VPN vulnerability - Enlarge (credit: Igor Golovniov/SOPA Images/LightRocket via Getty Images)
    On January 19, Citrix r... more: arstechnica.com/?p=1645999 #pulsesecure #ransomware #biz&it #policy #citrix

  12. Unpatched Citrix vulnerability now exploited, patch weeks away - Enlarge / Citrix's ADC and Gateway products have a vulnerability that now has several exploits wide... more: arstechnica.com/?p=1643051 #virtualprivatenetworksvpns #pulsesecure #webhack #biz&it #citrix

  13. Unpatched VPN makes Travelex latest victim of “REvil” ransomware - Enlarge / It may take longer to get your money changed when you travel, since Travelex is doing eve... more: arstechnica.com/?p=1640787 #pulsesecure #ransomware #biz&it #revil #vpn