UK Govt Say: APTs Exploiting Enterprise VPN Vulnerabilities

Written by  Oct 09, 2019

Advanced persistent threat (APT) actors have been exploiting recently disclosed vulnerabilities affecting enterprise VPN products from Fortinet, Palo Alto Networks and Pulse Secure, the UK’s National Cyber Security Centre (NCSC) warns.

The NCSC, which is part of the UK’s GCHQ intelligence agency, issued an alert this week to warn organisations that they may be targeted if they use the affected products.

“This activity is ongoing, targeting both UK and international organisations. Affected sectors include government, military, academic, business and healthcare,” the NCSC said.

According to the organization, APTs have been targeting several vulnerabilities, including CVE-2019-11510 and CVE-2019-11539, which affect Pulse Secure products; CVE-2018-13379, CVE-2018-13382 and CVE-2018-13383, which affect Fortinet products; and CVE-2019-1579, which impacts Palo Alto Networks products.

These and other vulnerabilities in Pulse Secure, Fortinet and Palo Alto Networks VPNs were disclosed this summer by Orange Tsai and Meh Chang of the research team at security consulting firm DEVCORE. Shortly after their disclosure, which included technical details, several proof-of-concept (PoC) exploits were made public.

The flaws can be exploited remotely to infiltrate corporate networks, eavesdrop on communications, and steal potentially sensitive information, the researchers warned.

A few weeks after disclosure, the first attack attempts targeting Fortinet and Pulse Secure systems were spotted.

Analysts from Microsoft’s Threat Intelligence Center revealed in early September that a threat group tracked by the company as MANGANESE had been using the vulnerabilities in its attacks since mid-July, weeks before PoC exploits were made public.

MANGANESE, which FireEye tracks as APT5, has been active since at least 2007, mainly targeting telecommunications and technology companies in Asia.

The NCSC’s alert does not specify which APTs have been targeting the vulnerabilities, but it advises organisations previously targeted by APTs and organisations that have detected successful exploitation against their VPN to take measures.

Pulse Secure claimed in late August that a majority of its customers had already patched the vulnerabilities, but Bad Packets stated at the time that there had been over 14,000 vulnerable Pulse Secure endpoints hosted by over 2,500 organizations.

A recent update from Bad Packets, which has been working with government agencies in an effort to get organizations to deploy the patches, showed that over 6,500 Pulse Secure endpoints were still vulnerable as of September 30. A majority are located in the United States, Japan and the UK.


Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular, as this area has always been of interest to me and is more important now than ever.
