Pulse Secure VPN devices are currently being targeted by four new malware tools. Some experts and other security researchers claimed that the new malware can exploit a dangerous vulnerability with a CVSS (Common Vulnerability Scoring System) severity score of 10.
"Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices," said the involved security researchers.
"These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations," added Mandiant's security experts.
This information was confirmed by FireEye's Mandiant cyber forensics team. Here are further details on the four new malware tools.
Pulse Secure VPN at Risk of CVE-2021-22893
According to ZDNet's latest report, the experts involved claimed that the new malware tools can exploit a major vulnerability tracked as CVE-2021-22893, which has a CVSS severity score of 10.
The experts also explained that the flaw is described as an authentication bypass that could affect Pulse Connect Secure.
What makes it so serious is that it can allow unauthenticated attackers to perform remote arbitrary code execution (RCE). In addition, Mandiant's security team confirmed that the four new malware tools can also exploit other security flaws, such as CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243.
FireEye's official website also confirmed that the four new malware tools can steal sensitive credentials from Pulse Secure VPN devices.
Among the most important pieces of information they can acquire is the user's Pulse Secure VPN login. However, the security firm hasn't said whether other credentials can also be stolen.
Here are the four new malware tools that you need to know:
- Rapidpulse (A webshell that exists as a modification)
- Bloodmine (This tool can access PCS log files and acquire logins, message IDs, and web requests)
- Bloodbank (Designed for credential theft and parses files containing password hashes or plaintext credentials)
- Cleanpulse (A memory patching tool for preventing specific log events)
This article is owned by TechTimes
Written by: Griffin Davis