Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

Tara Seals reports:

CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said.

Read more on ThreatPost.

The 4TB time bomb: when EY's cloud went public (and what it taught us)
Some lower-tier ransomware gangs have formed a new RaaS alliance -- or have they? (1)
Uncovering Qilin attack methods exposed through multiple cases
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Iran's Critical Infrastructure
Ex-CISA head thinks AI might fix code so fast we won't need security teams
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.

Related: