Corporate VPN Credentials Leaked on Hacker Forum



A list containing plaintext usernames and passwords, along with the IP addresses of more than 900 Pulse Secure VPN servers, has been posted online and shared on a hacking forum used by cybercriminals. As reported by ZDNet, which broke the story, the authenticity of the list has been verified by multiple sources in the cybersecurity community. It includes IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware versions, SSH keys for all 900 servers, plaintext usernames and passwords, administrator account details, VPN session cookies and more.

Threat intelligence company Bank Security first discovered the list online and then shared it with the media. One of the company's security researchers pointed out that all the listed VPN servers were running an older firmware version that is vulnerable to an authentication bypass vulnerability tracked as CVE-2019-11510. Bank Security researchers believe the hacker scanned all IPv4 addresses on the Internet for Pulse Secure VPN servers and then exploited the vulnerability to gain access to company systems and server details. This information was then collected in a central repository. Based on the timestamps in the list, the usernames, passwords, and server details appear to have been collected between June 24 and July 8.

Pulse Secure VPN data download

Threat intelligence firm Bad Packets has been scanning the web for vulnerable Pulse Secure VPN servers since August last year, when the CVE-2019-11510 vulnerability was made public. ZDNet reached out to the company about the list, and its co-founder and lead researcher Troy Mursch provided additional information on the matter, saying: "Of the 913 unique IP addresses found in this dump, 677 were detected by CTI Bad Packets scans as vulnerable to CVE-2019-11510 when the exploit was made public last year."

Based on the list, it appears that 677 companies have not patched their VPN software since the vulnerability was made public. However, patching alone will no longer suffice, as vulnerable organizations will also have to change their usernames and passwords to avoid falling victim to potential attacks. Businesses using Pulse Secure VPN should patch their systems and update their credentials immediately, as the list was also shared on a hacker forum frequented by various ransomware operators, including the cybercriminals behind Sodinokibi and Lockbit. This means that the credentials of many Pulse Secure VPN customers are not only available online, but are likely already in the hands of cybercriminals who will use this leaked information to their advantage.

Via ZDNet