FBI says nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. The FBI says that unidentified threat actors have used the CVE-2019-11510 flaw “to exploit notable US entities”” since August 2019. The vulnerability allows unauthenticated remote attackers to send specially crafted URIs to connect to vulnerable servers and read sensitive files containing user credentials. These can later be used to take control of an organizations’ systems and more.”
Source: https://www.bleepingcomputer.com/news/security/fbi-says-state-actors-hacked-us-govt-network-with-pulse-vpn-flaw/