
The Department of Homeland Security's CISA leads the effort to enhance the security, resiliency, and reliability of the Nation's cybersecurity and communications infrastructure. Today it released an urgent report.
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an alert on advanced persistent threat (APT) actors exploiting vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Alert for more information and to review the following security advisories and apply the necessary updates:
According to Fortinet: A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
According to PulseSecure: Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform a remote arbitrary file access on the Pulse Connect Secure gateway. This advisory also includes a remote code execution vulnerability that can allow an authenticated administrator to perform remote code execution on Pulse Connect Secure and Pulse Policy Secure gateways. Many of these vulnerabilities have a critical CVSS score and pose significant risk to your deployment.
Palo Alto Networks is aware of the reported remote code execution (RCE) vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products. The issue is already addressed in prior maintenance releases. Successful exploitation of this issue allows an unauthenticated attacker to execute arbitrary code.
Keeping systems patched is a crucial part of cybersecurity.
How your organization can stay safe:
1) Determine if you are in possession of private information for New York residents, even if you are not conducting business in New York. This may be the opportunity to assess whether you need to retain this information for ongoing business purposes.
2) Ensure that you have administrative, technical, and physical safeguards in place that comply with the requirements of the SHIELD Act.
3) Develop, or revisit, internal policies for how the company will identify and respond to a data breach. Ensure that your employees understand the policies and that they are properly implemented.
4) This is a good time to re-evaluate corporate cybersecurity, as new attacks are launched constantly against organizations. We reported recently that the IRS has disseminated a new scam warning, telling people to be careful not to click on emails from the organization, as they are likely malicious messages disguised to look like they emanated from the agency.
5) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
6) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great.
7) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.