A list of plaintext usernames, passwords, and IP addresses allegedly stolen from over 900 Pulse Secure VPN servers has been released on a popular Russian language hacking forum. Many intelligence firms, including Binary Defense, have verified the authenticity of the leaked information. The threat actor scanned the Internet looking for any Pulse Secure VPN servers that were running a vulnerable version of the firmware. After finding the servers, they exploited the vulnerability to gain access to each server and collect the data from it. The scans appear to have happened from June 24 to July 8, 2020.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security