The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organisations to change all their Active Directory credentials as a defence against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers—even if they have already patched it.
The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability.
“Threat actors who successfully exploited CVE-2019-11510 and stole a victim organisation’s credentials will still be able to access — and move laterally through — that organisation’s network after the organisation has patched this vulnerability if the organisation did not change those stolen credentials,” CISA said.
CISA has also released a tool to help network administrators look for any indicators of compromise associated with the flaw.
images from Hacker News