The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory urging organizations to change all their Active Directory credentials as a defense against cyberattacks that try to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers, even if they have already patched it.
The warning comes three months after another CISA alert urging users and administrators to patch Pulse Secure VPN environments to thwart attacks exploiting the vulnerability.
“Threat actors who successfully exploited CVE-2019-11510 and stole a victim organization’s credentials will still be able to access — and move laterally through — that organization’s network after the organization has patched this vulnerability if the organization did not change those stolen credentials,” CISA said.
CISA has also released a tool to help network administrators look for any indicators of compromise associated with the flaw.
A Remote Code Execution Flaw
Tracked as CVE-2019-11510, the pre-authentication arbitrary file read vulnerability could allow remote unauthenticated attackers to compromise vulnerable VPN servers and gain access to all…