[Year 12 SofDev] Fwd: SANS NewsBites Vol. 21 Num. 058 : Ransomware Hits Electric Power Provider and 3 Louisiana School Districts; VPN Flaws Affect Widely Used Products

Bass, Gary S bass.gary.s at edumail.vic.gov.au
Fri Jul 26 23:20:38 UTC 2019



Begin forwarded message:

From: SANS NewsBites <newsbites at email.sans.org>
Date: 27 July 2019 at 4:34:01 am AEST

Subject: SANS NewsBites Vol. 21 Num. 058 : Ransomware Hits Electric Power Provider and 3 Louisiana School Districts; VPN Flaws Affect Widely Used Products
Reply-To: SANS Institute <reply-fec311717d610c7c-104_HTML-101058480-7230382-964 at email.sans.org>

VPN Flaws Affect Widely Used Products
(July 23, 2019)

Critical flaws in popular virtual private networks (VPNs) could be exploited to gain access to corporate networks and steal data. The flaws are easily remotely exploitable; they affect VPNs from Palo Alto Networks, Pulse Secure, and Fortinet. All three have released advisories and updates to address the issues. Devcore researchers plan to discuss their findings about the flaws at the Black Hat security conference next month.

Editor's Note

[Pescatore<https://www.sans.org/newsletters/newsbites/editorial-board#john-pescatore>]
This is a good reminder about the importance of a complete and accurate software inventory. Patches for this vulnerability have been out for a while but often tools or components like VPN software are overlooked.

[Neely<https://www.sans.org/newsletters/newsbites/editorial-board#lee-neely>]
While the patches have been out for a bit, scans found many devices online still running the vulnerable code. Make sure that your boundary protections, including VPN, Firewalls, IDS/IPS are in your maintenance schedule with priority for updates. You may need to acquire non-production units to satisfy regression testing requirements.

Read more in:
- techcrunch.com<http://techcrunch.com/2019/07/23/corporate-vpn-flaws-risk/>: Flaws in widely used corporate VPNs put company secrets at risk
- www.zdnet.com<http://www.zdnet.com/article/uber-hit-by-critical-vulnerability-in-palo-alto-vpn-solution/>: Critical flaw in Palo Alto VPN solution impacts Uber, other enterprises may be at risk
- nvd.nist.gov<http://nvd.nist.gov/vuln/detail/CVE-2019-11510>: CVE-2019-11510 Detail
- securityadvisories.paloaltonetworks.com<http://securityadvisories.paloaltonetworks.com/Home/Detail/158>: Advisory (CVE-2019-1579)
- fortiguard.com<http://fortiguard.com/psirt/FG-IR-18-384>: FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests
- kb.pulsesecure.net<http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101>: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX