Contributors: Mick Baccio, James Brodsky, Tamara Chacon, Shannon Davis, Dave Herrald, Kelly Huang, Ryan Kovar, Marcus LaFerrerra, Michael Natkin, John Stoner and Bill Wright

Update May 4, 2021: Over the last two weeks, there have been several significant developments. First and most importantly, Pulse Secure issued an update on May 3 addressing multiple vulnerabilities. Splunk recommends that all Pulse Secure users review and install the update as soon as possible. On April 30, CISA updated Alert (AA21-110A) with new detections, including the "Impossible Travel" detection and JA3 analysis. We have updated our Splunk-friendly collection of indicators to include the latest from CISA.

To immediately see how to find potential vulnerabilities or exploits in your Pulse Connect Secure appliance, skip down to the "Identifying, Monitoring and Hunting with Splunk" section. Otherwise, read on for a quick breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.

What You Need to Know About the Pulse Connect Secure Attacks

Over the past few weeks, there has been increasing chatter regarding adversary groups exploiting multiple vulnerabilities in the Pulse Connect Secure (PCS) virtual private network (VPN) appliance. The PCS appliance is a popular VPN solution that offers workers secure access to an organization's internal networks from anywhere in the world. On April 20, 2021, the Mandiant team at FireEye released a blog detailing their findings from multiple recent incidents involving compromised PCS appliances. This report prompted a flurry of activity from various organizations, including government agencies and security vendors. That same day, DHS Cybersecurity and Infrastructure Security Agency (CISA) released Alert (AA21-110A) and Emergency Directive 21-03, the latter requiring all US Federal agencies to take specific action concerning PCS appliances in their environments. Splunk recommends all US Federal agencies refer to the DHS directive to ensure compliance.

According to a blog post by Pulse Secure, the incidents disclosed this week involve vulnerabilities that were patched in 20, plus a new issue (CVE-2021-22893 Security Advisory SA44784) discovered this month. The vendor notes that a software update for this new issue will be available in early May. The post contains valuable information on all the vulnerabilities and recommended mitigation measures, and customer support information. Of particular importance is the Pulse Connect Secure Integrity Tool, which allows you to check if essential components of your PCS appliance software have been tampered with. Splunk recommends all PCS customers follow this vendor-published guidance in its entirety.