{"id":100680,"date":"2020-01-10T14:46:45","date_gmt":"2020-01-10T22:46:45","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2020\/01\/us-govt-warns-of-attacks-on-unpatched-pulse-vpn-servers"},"modified":"2020-01-10T14:46:45","modified_gmt":"2020-01-10T22:46:45","slug":"us-govt-warns-of-attacks-on-unpatched-pulse-vpn-servers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2020\/01\/us-govt-warns-of-attacks-on-unpatched-pulse-vpn-servers","title":{"rendered":"US Govt Warns of Attacks on Unpatched Pulse VPN Servers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/us-govt-warns-of-attacks-on-unpatched-pulse-vpn-servers2.jpg\"><\/a><\/p>\n<p>The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability.<\/p>\n<p>This warning follows another alert issued by CISA in <a href=\"https:\/\/www.us-cert.gov\/ncas\/current-activity\/2019\/10\/16\/multiple-vulnerabilities-pulse-secure-vpn\" target=\"_blank\">October 2019<\/a>, and others coming from the <a href=\"https:\/\/media.defense.gov\/2019\/Oct\/07\/2002191601\/-1\/-1\/0\/CSA-MITIGATING-RECENT-VPN-VULNERABILITIES.PDF\" target=\"_blank\">National Security Agency<\/a> (NSA), <a href=\"https:\/\/cyber.gc.ca\/en\/alerts\/active-exploitation-vpn-vulnerabilities\" target=\"_blank\">the Canadian Centre for Cyber Security<\/a>, and UK\u2019s <a href=\"https:\/\/www.ncsc.gov.uk\/section\/about-ncsc\/what-we-do\" target=\"_blank\">National Cyber Security Center<\/a> (NCSC).<\/p>\n<p>Pulse Secure reported the vulnerability tracked as CVE-2019\u201311510 and disclosed by Orange Tsai and Meh Chang from the DEVCORE research team, and by Jake Valletta from FireEye in an April 2019 <a href=\"https:\/\/kb.pulsesecure.net\/articles\/Pulse_Security_Advisories\/SA44101\" target=\"_blank\">out-of-cycle advisory<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The US Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit a known remote code execution (RCE) vulnerability. This warning follows another alert issued by CISA in October 2019, and others coming from the National Security Agency (NSA), the [\u2026]<\/p>\n","protected":false},"author":513,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1412],"tags":[],"class_list":["post-100680","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-privacy"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/100680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/513"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=100680"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/100680\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=100680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=100680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=100680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}