U.S. Cybersecurity and Infrastructure Security Agency issues new alert urging organizations to patch vulnerable Pulse Secure VPN servers against ongoing attacks. Hackers have used stolen Active Directory credentials to infect systems of hospitals and govt entities using Ransomware payloads. Vulnerability tracked as CVE-2019-11510 was patched by Pulse Secure one year ago, but it’s still being used months after that. CISA urges organizations that have not yet done so to patch the vulnerability to the corresponding patches.
Source: https://www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/