Update May 4, 2021: Over the last two weeks, there have been several significant developments. First and most importantly, Pulse Secure issued an update on May 3 addressing multiple vulnerabilities. Splunk recommends that all Pulse Secure users review and install the update as soon as possible. On April 30, CISA updated Alert (AA21-110A) with new detections, including the "Impossible Travel" detection and JA3 analysis. We have updated our Splunk-friendly collection of indicators to include the latest from CISA.

To immediately see how to find potential vulnerabilities or exploits in your Pulse Connect Secure appliance, skip down to the "Identifying, Monitoring and Hunting with Splunk" section. Otherwise, read on for a quick breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.

What You Need to Know About the Pulse Connect Secure Attacks

Over the past few weeks, there has been increasing chatter regarding adversary groups exploiting multiple vulnerabilities in the Pulse Connect Secure (PCS) virtual private network (VPN) appliance. On April 20, 2021, the Mandiant team at FireEye released a blog detailing their findings from multiple recent incidents involving compromised PCS appliances.

Contributors: Mick Baccio, James Brodsky, Tamara Chacon, Shannon Davis, Dave Herrald, Kelly Huang, Ryan Kovar, Marcus LaFerrerra, Michael Natkin, John Stoner and Bill Wright