How Private Equity Debt Left a Leading VPN Open to Chinese Hackers

Layoffs at Pulse Secure accelerated as financial pressure mounted

Financial Post
CISA tags critical Ivanti EPM flaws as actively exploited in attacks

CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances.

BleepingComputer
Mycology and defending against threats and vulnerability of mycelium is similar to Cyber in many ways. The devil is in the details... #Fortinet I feel vindicated for hand crafted bare metal Linux firewalls where I was in control of patches, scheduled jobs, iptables, htb, live monitoring, software updates and version controls... Shocked at how badly some device life cycles have been managed. #PulseSecure #Cisco make so much work. We pay for this trust in vendors more interested in profit than security.

We're still discovering further ramifications of #Ivanti's #PulseSecure vulnerabilities (#CVE_2023_46805 & #CVE_2024_21887). In February, we identified two new backdoors: #SparkCockpit & #SparkTar. Both backdoors employ selective interception of TLS communication and offer multiple degrees of persistence and access possibilities into the victim network (e.g., traffic tunneling through a SOCKS proxy).

👀 Analysis & detection rules at https://blog.nviso.eu/2024/03/01/covert-tls-n-day-backdoors-sparkcockpit-sparktar/

The findings of our investigation have been independently corroborated by the research performed by Mandiant and have partially been observed by Fortinet.

#threatintel #forensics #reverseengineering

Covert TLS n-day backdoors: SparkCockpit & SparkTar

This report documents two covert TLS-based backdoors identified by NVISO: SparkCockpit & SparkTar.

NVISO Labs

My formerly favorite employer was swallowed by a corporation in 2021. 💔

It was very important to the corporation that the good #openvpn absolutely be replaced with #ivanti, or at the time still #pulsesecure. Concerns didn't matter, because it was about compliance, not security.

Even pointing to Ivanti's CVE collection did not prompt a rethink. "Works for >100k" was a more relevant metric than several CVSS > 8.0. 🤷

Ivanti collects CVEs the way others collect Pokémon.

Corporations: 😍
Security: 🙈

True facts. AFAICT, the #Ivanti mess is technical-debt chickens coming home to roost. I was at #NetScreen when we acquired #Neoteris (originators of the #SSLVPN product), and then over the next two decades #Juniper > #PulseSecure > #Ivanti have tortured that legacy codebase with everything from FrankenNAC to PE-driven developer offshoring to bolt-on cloud-service offerings. TBH the only thing that surprises me about this is that it took so long.
Pouring one out for what was truly a revolutionary #VPN solution when it debuted 20-some years ago...
Critical 0-day vulnerability in Pulse Secure VPN actively exploited

At least two groups are attacking Pulse Secure VPN appliances via a previously unknown security vulnerability. There are no patches yet.

Fortinet VPNs: 3 vulnerabilities, including Zerologon and PulseSecure, allow 49,577 IPs to be collected! | SOSOrdi.net

SOSOrdi.net
Pulse Secure VPN: password storage and encryption were accessible from the Windows registry! | SOSOrdi.net

SOSOrdi.net
US presidential elections: intensification of cyber-attacks via new and existing VPN flaws! | SOSOrdi.net

SOSOrdi.net