A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs.
According to a review, the list includes:
- IP addresses of Pulse Secure VPN servers
- Pulse Secure VPN server firmware version
- SSH keys for each server
- A list of all local users and their password hashes
- Admin account details
- Last VPN logins (including usernames and cleartext passwords)
- VPN session cookie
Experts Comments
Linkedin Message
@Niamh Muldoon, Senior Director of Trust and Security, EMEA, provides expert commentary at @Information Security Buzz.
"This was a vulnerability exposed last year as well, making it evermore disappointing that it wasn’t managed sooner...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Niamh Muldoon, Senior Director of Trust and Security, EMEA, provides expert commentary at @Information Security Buzz.
"This was a vulnerability exposed last year as well, making it evermore disappointing that it wasn’t managed sooner...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@Rodrigo Jazinski, CTO , provides expert commentary at @Information Security Buzz.
"This is a very disturbing breach...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Rodrigo Jazinski, CTO , provides expert commentary at @Information Security Buzz.
"This is a very disturbing breach...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@David Kennefick, Product Architect, provides expert commentary at @Information Security Buzz.
"A regular scan of your external facing estate should pick up this issue. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@David Kennefick, Product Architect, provides expert commentary at @Information Security Buzz.
"A regular scan of your external facing estate should pick up this issue. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@Javvad Malik, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
"Because security tools are usually the first point of contact, they run higher privilege...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Javvad Malik, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
"Because security tools are usually the first point of contact, they run higher privilege...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@David Higgins, EMEA Technical Director, provides expert commentary at @Information Security Buzz.
"In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were exposed. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@David Higgins, EMEA Technical Director, provides expert commentary at @Information Security Buzz.
"In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were exposed. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@Mounir Hahad, Head , provides expert commentary at @Information Security Buzz.
"This data could have been sitting in this hacker’s treasure trove for a number of months until they decided to publish it. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Mounir Hahad, Head , provides expert commentary at @Information Security Buzz.
"This data could have been sitting in this hacker’s treasure trove for a number of months until they decided to publish it. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@Laurence Pitt, Global Security Strategy Director, provides expert commentary at @Information Security Buzz.
"The data published lists only 900 servers. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Laurence Pitt, Global Security Strategy Director, provides expert commentary at @Information Security Buzz.
"The data published lists only 900 servers. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@Martin Cannard, Product Strategy, provides expert commentary at @Information Security Buzz.
"Owning the firewall or network device gets you through the door, but aside from DoS attacks, you still need a mechanism to launch an attack...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Martin Cannard, Product Strategy, provides expert commentary at @Information Security Buzz.
"Owning the firewall or network device gets you through the door, but aside from DoS attacks, you still need a mechanism to launch an attack...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Linkedin Message
@Saryu Nayyar, CEO, provides expert commentary at @Information Security Buzz.
"In fact, over six hundred of the breached servers had been discovered as vulnerable last year...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Saryu Nayyar, CEO, provides expert commentary at @Information Security Buzz.
"In fact, over six hundred of the breached servers had been discovered as vulnerable last year...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Doron Naim, Cyber Research Group Manager, provides expert commentary at @Information Security Buzz.
"In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were exposed...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked
Facebook Message
@Doron Naim, Cyber Research Group Manager, provides expert commentary at @Information Security Buzz.
"In the case of the Pulse Secure VPN breach, usernames, plain-text passwords, and IP addresses were exposed...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-900-pulse-secure-enterprise-vpn-passwords-leaked