Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Enterprise VPN credentials leaked on hacker forum

Image Description

A list containing plaintext usernames and passwords along with IP addresses for over 900 VPN servers belonging to Pulse Secure VPN has been published online as well as shared on a hacker forum used by cybercriminals.

As reported by ZDNet who broke the story, the list's authenticity has been verified by multiple sources in the cybersecurity community and includes IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware versions, SSH keys for all 900 servers, usernames and cleartext passwords, admin account details, VPN session cookies and more.

The threat intelligence firm Bank Security first discovered the list online and then shared it with the news outlet. One of the company's security researchers noted that all of the VPN servers included in the list were running an older firmware version which is vulnerable to an authentication by-pass vulnerability tracked as CVE-2019-11510.

Researchers at Bank Security believe the hacker scanned all of the IPv4 addresses on the internet looking for Pulse Secure VPN servers and then exploited the vulnerability to gain access to the company's systems and server details. This information was then collected in a central repository and based on timestamps in the list, the  usernames, passwords and server details appear to have been collected between June 24 and July 8.

Pulse Secure VPN data dump

The threat intelligence company Bad Packets has been scanning the web for vulnerable Pulse Secure VPN servers since August of last year when the CVE-2019-11510 vulnerability was made public. ZDNet reached out to the firm regarding the list and its co-founder and chief research officer Troy Mursch provided further insight on the matter, saying:

"Of the 913 unique IP addresses found in that dump, 677 were detected by Bad Packets CTI scans to be vulnerable to CVE-2019-11510 when the exploit was made public last year."

Based on the list, it appears as if 677 companies failed to patch their VPN software since the vulnerability was made public. Now however, patching won't be enough as vulnerable organizations will also have to change their usernames and passwords to avoid falling victim to any potential attacks.

Businesses that use Pulse Secure VPN should patch their systems and update their credentials immediately as the list was also shared on a hacker forum frequented by multiple ransomware operators including the cybercriminals behind Sodinokibi and Lockbit. This means that the login details of many Pulse Secure VPN customers are not only available online but are most likely already in the hands of cybercriminals who will use this leaked data to their advantage.

  • Also check out our complete list of the best VPN services

Via ZDNet

Date

05 Aug 2020

Sources


Share


Other Blog

  • Yahoo is giving away a free website to businesses

    Get the Online Presence package for a whole year.

    Read More
  • Google Cloud wants to help firms squeeze maximum value out of their data

    New BigQuery features look to improve performance and efficiency.

    Read More
  • Amazon's Spring Sale means fantastic gaming laptop deals in the UK right now

    Don't miss Amazon's Spring Sale if you're a keen gaming laptop deals hunter in the UK - there's bargains to be had.

    Read More
  • Microsoft’s Black Friday bargains include up to £580 off Surface devices

    If you’re looking to buy a Surface device, then there are a bunch of Black Friday deals now live on Microsoft’s own store, and also with partner retailers like Amazon and John Lewis.

    These offers range across the board from the high-end Surface Book 3, which has reductions of up to £580 on the boil right now, through to the affordable Surface Go 2 which has still had £190 slashed off the asking price, so you can now get the version with 8GB of RAM and 128GB storage for just £339.

    That’s quite a deal indeed considering that the entry-level Go 2 normally costs £399 with half that RAM and storage.

    As well as all this, there are discounts on accessories at Microsoft’s online store, with up to 30% off, and price cuts on Surface hardware that Microsoft has refurbished (which includes savings of up to £180 on already cheaper prices).

    These deals run through until at least December 3 – while stock lasts – or later, with one exception, the aforementioned offer on the Surface Go 2, which finishes on December 2 and is picked out below. Check out that and the other top discounts we’ve highlighted below, or head to the Microsoft store to peruse bargains on the Surface Laptop 4 (saving up to £220), or the Surface Laptop Go (again, with up to £220 off), plus the Surface Go 2 (up to 15% off).

    (Not in the UK? Scroll down for deals in your region).

    Surface Go 2, Intel Pentium Gold 4425Y, 8GB RAM, 128GB SSD: £529 £339 at Amazon
    The Go 2 is a seriously affordable Windows tablet, and this is the model above the base version equipped with double the memory and storage. With £190 knocked off the price, it’s even more of a bargain, and this is a deal that likely won’t hang around for long.

    Surface Laptop Go, Core i5, 8GB RAM, 128GB SSD: £699 £499 at Amazon
    In our review, we enthused that the Surface Laptop Go redefines the budget laptop, and this super-slick portable will trouble your wallet even less with this £200 discount. It’s a beefier model which avoids the slower eMMC drive on the entry-level option, and doubles up the RAM into the bargain. Microsoft also has this model on offer at £559, but Amazon’s deal is even keener than that.

    Surface Laptop 4, Ryzen 5, 8GB RAM, 128GB SSD: £899 £699 at John Lewis
    The Surface Laptop 4 is a superb notebook with a top-notch keyboard, among other benefits, and a £200 discount on this entry-level model – which still offers plenty of power, yet remains nicely portable – is another great bargain for Black Friday. Remember that John Lewis also provides a two-year guarantee.

    Surface Book 3 15-inch, Core i7, 32GB RAM, 512GB SSD: £2,699 £2,125 at Microsoft
    There are some major price cuts on the Surface Book 3 hybrid at Microsoft’s store, and one of the choicest is this Core i7 15-inch model with a whopping 32GB of system RAM, which is reduced by £574. If you need more storage, the 1TB version has been knocked down by a similar amount, but runs to a slightly pricier £2,319. Neither machine is anything like cheap, of course, but these are still serious savings.

    More Microsoft Surface deals

    No matter where you live, you'll find all the lowest prices for Microsoft Surface hardware from around the web right here, with offers available in your region. 

    More Black Friday deals

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us