Outdated OS gets ATMs Hacked within minutes

October 7, 2019
Rewterz

Rewterz Threat Alert – Masad Stealer

October 8, 2019

Rewterz Threat ALert – Unpatched VPN Servers Targeted by Nation-State Attackers

Severity

High

Analysis Summary

Advanced persistent threat actors are continuing their exploit attempts against name-brand VPNs used by organizations around the world. 

Pulse Connect Secure

  • CVE-2019-11510: Pre-auth arbitrary file reading.
  • CVE-2019-11539: Post-auth command injection.

Fortinet

  • CVE-2018-13379: Pre-auth arbitrary file reading.
  • CVE-2018-13380: A cross-site scripting vulnerability.
  • CVE-2018-13382: Allows an unauthenticated attacker to change the password of an SSL VPN web portal user.
  • CVE-2018-13383: Post-auth heap overflow. This allows an attacker to gain a shell running on the router.

Palo Alto

  • CVE-2019-1579: Palo Alto Networks GlobalProtect Portal.

Impact

  • Credential theft
  • Exposure of sensitive information

Affected Vendors

  • Pulse Secure
  • Palo Alto
  • Fortinet

Affected Products

  • Pulse Connect Secure and Pulse Policy Secure VPN
  • Palo Alto GlobalProtect VPN
  • Fortinet Fortigate VPN

Remediation

  • Patch VPN servers and apply necessary updates.
  • Employ multi-factor authentication for users connecting to VPN services.
  • Reset all user and administrator passwords after these vulnerabilities have been patched.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.