That Pulse Secure VPN you're using to protect your data? Better get it patched – or it's going to be ransomware time

Hackers are taking advantage of unpatched enterprise VPN setups ‒ specifically, a long-known bug in Pulse Secure's code ‒ to spread ransomware and other nasties. British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point …

  1. FlamingDeath
    IT Angle

    Yeah but...

    Pulse Secure probably has a terms of service license agreement which basically says, "fuck you, we're not responsible" and lusers agreed to this

    A quick browse of their website does throw up a sense of irony

    This is their strapline

    "Zero Trust Access made Easy, Comprehensive, Flexible"

    1. Doctor Syntax Silver badge

      Re: Yeah but...

      If the users don't patch when they're informed then such a term would be essential. After all, those users are responsible. Even the one in the Twitter thread, assuming they're still with the same MSP.

      The Pulse Secure response can be summarised as "You can lead a horse to water but some of them are mules." That's the problem.

    2. big_D Silver badge
      Facepalm

      Re: Yeah but...

      So, you are saying that Pulse Secure is responsible, because it fixed the problem, informed the users multiple times over multiple channels and the users have still ignored the warnings for 9 months?

    3. phuzz Silver badge
      Gimp

      Re: Yeah but...

      Well, Microsoft take the approach of forcing end users to patch, and look how popular that is.

    4. Anonymous Coward

      Re: Yeah but...

      You're wrong, and they also patched this more than 8 months ago. I also don't know of any corporate VPN hardware/software provider that's had 0 bugs of this severity.

    5. J. Cook Silver badge

      Re: Yeah but...

      They do have a EULA that states that they aren't liable for a breach, more or less. It's the same standard legal boilerplate that everyone else uses in that regard.

      I'm assuming you mean this:

      https://support.pulsesecure.net/product-service-policies/eula/

      However, they *do* send out notifications about updates to companies that have support agreements in place with them for upgrades; it's still on the company that purchased the product to download and install said updates.

      The beef I have with them is that you *must* have an active support contract to download updates, even critical ones like the one mentioned in the article.

  2. Dog Eatdog
    FAIL

    Travelex TITSUP

    Oh dear, it seems that Travelex has been pwned AND customers (allegedly) have had their data stolen.

    https://www.bbc.com/news/business-51017852

    They should have heeded that warning!

    1. Anonymous Coward

      Re: Travelex TITSUP

      Based on other points noted on Twitter and elsewhere about the Travelex malware outbreak, everything was out of date and unpatched.

      It may take a little effort to determine who got there first, whether they have only been compromised once and whether the actions Travelex are taking are making the problem better or worse. Based on other malware/ransomware, sometimes the recovery steps rapidly increase the problems until you realise you are part of the problem and get in a third party to do things properly....

      1. Prst. V.Jeltz Silver badge

        Re: Travelex TITSUP

        What? Do you want to elaborate on that?

        What criteria are you using to establish a company's incompetence to restore backups themselves and make things worse?

        Apart from, yes, they've been pwned but, you know, after that wake up call ...

  3. Anonymous Coward

    Useful info

    Interesting that Bad Packets maintain a list of source addresses for attacks detected by their honeytraps. Would it be too much to hope that it can be correlated with the successful attacks on companies like Travelex and used to identify the perpetrators?

    1. Wellyboot Silver badge

      Re: Useful info

      Only if the ransom crew are script kiddies working from home, most likely it will lead to a daisy chain of other compromised systems in 3rd party countries that do not log their connections (because they're compromised!). If each chain is used only once for a short time then the trail will just stop dead unless you're capable of hacking through these systems quickly enough (breaking lots of laws on the way) to reach the source.

Biting the hand that feeds IT © 1998–2020