Top Middle East Cyber Threats – 20 April 2020
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cyber security threat landscape and are among the first in the region to learn and act upon new threats.
In this blog, we share the top cybersecurity threat our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
Help AG has received an update on the continued exploitation of the Pulse Secure arbitrary file disclosure vulnerability, CVE-2019-11510, which organizations had been advised to patch immediately.
This is an arbitrary file reading vulnerability affecting Pulse Secure virtual private network (VPN) appliances. Threat actors who successfully exploited CVE-2019-11510 and hold stolen credentials of a victim organization will still be able to access and move laterally through the organization’s network. Organizations that patched the vulnerability remain exposed if they did not change the stolen credentials.
CVE-2019-11510 is a pre-authentication arbitrary file read vulnerability affecting Pulse Secure VPN appliances. A remote attacker can exploit this vulnerability to request arbitrary files from a VPN server because directory traversal is hard-coded to be allowed if the path contains dana/html5/acc.
- Help AG recommends upgrading Pulse Secure VPN to the corresponding patches for CVE-2019-11510. Please refer to KB article SA44101 for additional details.
- It’s recommended to remove unauthorized applications and scheduled tasks.
- Remove any remote access programs not approved by the organization.
- Inspect scheduled tasks for scripts or executables that may allow an attacker to connect to an environment.
- Please block the indicators of compromise within the various security controls across your organization.
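As an added example (not Help AG's or Pulse Secure's code), the Python below scans web access logs for requests that combine the dana/html5/acc path fragment described above with a directory traversal step, including percent-encoded and double-encoded forms. It assumes Common Log Format lines from a front-end proxy or log export; the sample lines, addresses and file name are constructed.

```python
import re
from urllib.parse import unquote

MARKER = "dana/html5/acc"  # path fragment named in the advisory
# Assumption: Common Log Format, i.e. client ... "METHOD target PROTO" status
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2020:10:00:01 +0000] "GET /dana/html5/acc/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Apr/2020:10:00:05 +0000] "GET /dana/html5/acc/../../constructed-file HTTP/1.1" 200 2048',
    '203.0.113.9 - - [20/Apr/2020:10:00:09 +0000] "GET /dana/html5/acc/%252e%252e%252fconstructed-file HTTP/1.1" 404 0',
    '192.0.2.44 - - [20/Apr/2020:10:00:12 +0000] "GET /static/../favicon.ico HTTP/1.1" 200 318',
]

def normalise(target, rounds=3):
    """Percent-decode repeatedly (catches double encoding), unify slashes, lowercase."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()

def is_suspicious(target):
    """True when the request names the marker path AND contains a traversal step."""
    t = normalise(target)
    return MARKER in t and ("../" in t or t.endswith("/.."))

def scan(lines):
    """Return one record per matching request; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_suspicious(m.group(2)):
            hits.append({"client": m.group(1), "target": m.group(2),
                         "status": int(m.group(3))})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        # Triage heuristic: a 2xx status means the request was answered, so
        # treat credentials on that device as exposed and rotate them.
        note = "served, rotate credentials" if 200 <= hit["status"] < 300 else "rejected"
        print(hit["client"], hit["status"], note, hit["target"])
```

Running the scan over logs that predate patching matters as much as running it over current ones, since the credential exposure described above outlives the fix.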