Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Enterprise VPN credentials leaked on hacker forum

Image Description

A list containing plaintext usernames and passwords along with IP addresses for over 900 VPN servers belonging to Pulse Secure VPN has been published online as well as shared on a hacker forum used by cybercriminals.

As reported by ZDNet who broke the story, the list's authenticity has been verified by multiple sources in the cybersecurity community and includes IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware versions, SSH keys for all 900 servers, usernames and cleartext passwords, admin account details, VPN session cookies and more.

The threat intelligence firm Bank Security first discovered the list online and then shared it with the news outlet. One of the company's security researchers noted that all of the VPN servers included in the list were running an older firmware version which is vulnerable to an authentication by-pass vulnerability tracked as CVE-2019-11510.

Researchers at Bank Security believe the hacker scanned all of the IPv4 addresses on the internet looking for Pulse Secure VPN servers and then exploited the vulnerability to gain access to the company's systems and server details. This information was then collected in a central repository and based on timestamps in the list, the  usernames, passwords and server details appear to have been collected between June 24 and July 8.

Pulse Secure VPN data dump

The threat intelligence company Bad Packets has been scanning the web for vulnerable Pulse Secure VPN servers since August of last year when the CVE-2019-11510 vulnerability was made public. ZDNet reached out to the firm regarding the list and its co-founder and chief research officer Troy Mursch provided further insight on the matter, saying:

"Of the 913 unique IP addresses found in that dump, 677 were detected by Bad Packets CTI scans to be vulnerable to CVE-2019-11510 when the exploit was made public last year."

Based on the list, it appears as if 677 companies failed to patch their VPN software since the vulnerability was made public. Now however, patching won't be enough as vulnerable organizations will also have to change their usernames and passwords to avoid falling victim to any potential attacks.

Businesses that use Pulse Secure VPN should patch their systems and update their credentials immediately as the list was also shared on a hacker forum frequented by multiple ransomware operators including the cybercriminals behind Sodinokibi and Lockbit. This means that the login details of many Pulse Secure VPN customers are not only available online but are most likely already in the hands of cybercriminals who will use this leaked data to their advantage.

  • Also check out our complete list of the best VPN services

Via ZDNet

Date

05 Aug 2020

Sources


Share


Other Blog

  • SonicWall hacked through flaw in its VPN service

    SonicWall has warned customers that a zero-day vulnerability has been found affecting several of its VPN products.

    Read More
  • Popular Android apps are leaking user data online

    Sensitive information of millions of users is easily accessible suggest security researchers.

    Read More
  • Microsoft 365 will let users browse their blocked phishing emails

    Microsoft is making it easier for users to find legitimate emails that have accidentally been marked as phishing messages or spam.

    Read More
  • Western Digital desktop app exposes Windows and macOS users to attack

    Western Digital’s proprietary file explorer EdgeRover, has received a patch that addresses a critical security vulnerability.

    The fixed flaw, tracked as CVE-2022-22998, is a directory traversal bug, which essentially means - people were allowed to access restricted files. Discovered by cybersecurity researcher Xavier Danest, it’s been given a severity score of 9.1. 

    The good news is that the endpoint already needs to be compromised, if this vulnerability is to be abused. In a published advisory, the company said very little about the flaw itself, other than if successfully exploited, could lead to the disclosure of sensitive information or denial-of-service.

    TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    >> Click here to start the survey in a new window

    A patch is available

    All EdgeRover users are advised to update their endpoints to version 1.5.1.-594, or newer. The fix corrects both file and directory permissions. 

    Western Digital did not say if the vulnerability was abused in the wild through viruses or malware. It’s even difficult to say how many people use EdgeRover, but given the overall popularity of Western Digital, as a brand, it’s safe to assume that some people could be vulnerable. 

    EdgeRover is a personal content management application, for Western Digital and SanDisk hardware, promising simplicity, usability, as well as advanced features such as powerful search, categorization, the detection of duplicate files, and similar. 

    The application is available for both Windows and Mac OS. 

    Just like any other hardware manufacturer out there, Western Digital is no stranger to vulnerabilities. Late last year, it warned owners of the My Cloud NAS devices to update to the latest firmware immediately, as the older versions were being terminated due to an increasing number of attacks. 

    “My Cloud OS 5 is a major and fundamental security release that provides an architectural revamp of our older My Cloud firmware and adds new defenses to thwart common classes of attacks,” WD explained back then.

    Via: BleepingComputer

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us