Posted on Apr 26, 2021
On April 20, 2021, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) issued a Cyber Activity Alert (AA21-110A) and an Emergency Directive (21-03) regarding vulnerabilities in Pulse Connect Secure products, which are popular virtual private network (VPN) remote access solutions. Pulse Secure, owned by Ivanti, also released an alert. These vulnerabilities are currently being exploited and have affected both government agencies and private companies.
These vulnerabilities are known as zero-day vulnerabilities because they were exploited before a patch was available to mitigate them. Zero-day attacks happen before anyone, often even the software developer itself, is aware of the existence of the vulnerabilities, let alone has devised a patch or other mitigation strategy.
SecurityScorecard has used its proprietary technology to scan the internet for publicly available data to find instances of this zero-day. We then added the results of this scanning to the product as a new feature: a filter for the newest vulnerability identified by CISA and Pulse Secure, CVE-2021-22893, which allows users to quickly determine whether their own organization and/or their vendors may have vulnerable instances arising from compromised versions of the Pulse Secure product. The following is a screenshot of this new feature:
SecurityScorecard’s ability to quickly scan the internet for newly identified CVEs and publish the findings across its platform (currently scoring over 5 million entities) demonstrates the power of our data (including years of historical data), which drive the ultimate ratings. Users can quickly identify if they, or an organization they are following (e.g., vendor or supplier), have been impacted by this previously unknown vulnerability and quickly take steps to mitigate this risk.
The map below is a scan from April 25, 2021, showing IP addresses where the vulnerability has been detected.
SecurityScorecard’s Investigations & Analysis (I&A) team has identified malicious activity associated with the same IPs where the CVE has been identified. In fact, we have found indications that Advanced Persistent Threat (“APT”) actors may be exploiting these vulnerabilities, and the I&A team continues to research associated malware and Techniques, Tactics & Procedures to better understand the overall threat campaign. We intend to release research on this topic within the coming week.