Pulse Secure VPN and Android Phones Exploited in the Wild to Launch Attacks

Pulse Secure VPN and Android Phones Exploited in the Wild to Launch Attacks

Pulse Secure VPN is affected with a flaw that is tracked as CVE-2019-1150 and the flaw is rated as highly critical. A binder vulnerability is tracked as CVE-2019-2215 which affects Android phones. To launch cyberattacks on individuals and organizations cybercriminals have been found exploiting the existing vulnerabilities in Pulse Secure VPN and Android Phones. This flaw is used by the cybercriminals to push ransomware. As per the research the travel insurance and currency exchange provider Travelex are affected in the ongoing campaign.

REvil ransomware is used by the attackers and this is the reason for the company to take all of its systems offline and resort to manual operations at branches nationwide. This malware allows the attackers to connect via HTTPS to an enterprise network without the requirement of any valid username or password.

The attackers execute malicious code on enterprise networks on the logs and files, turn-off multifactor authentication, download arbitrary files using this malware. To mitigate such attacks Pulse Secure has asked the users to apply the patches immediately. Not only systems but also several Android devices are affected by the tracked malware CVE-2019-2215 The flaw can allow an elevation privilege from an application to the Linux kernel. It does require either the installation of a malicious local application or a separate vulnerability in a network-facing application. Upon discovery, Google has removed these apps from its Play Store.