Hacker Leaks Passwords For 900+ Enterprise Vpn Servers | Zdnet:
EXCLUSIVE: The list has been shared on a Russian-speaking hacker forum frequented by multiple ransomware gangs.
A hacker has published [on August 4] a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.
ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community.
According to a review, the list includes:
- IP addresses of Pulse Secure VPN servers
- Pulse Secure VPN server firmware version
- SSH keys for each server
- A list of all local users and their password hashes
- Admin account details
- Last VPN logins (including usernames and cleartext passwords)
- VPN session cookies
The security researcher noted that all the Pulse Secure VPN servers included in the list were running a firmware version vulnerable to the CVE-2019-11510 vulnerability.
[...] The publication of this list as a free download is a literal DEFCON 1 danger level for any company that has failed to patch its Pulse Secure VPN over the past year, as some of the ransomware gangs active on this forum are very likely to use the list for future attacks.
(Score: 2) by drussell on Monday August 10, @04:54AM (1 child)
Ok, I know I don't always run all the most up to date and 100% secure stuff in every place, on every server, but....
Geez, man!! What is up with that?!!
Seriously, like..... WTF?
Is nobody even pretending to try anymore?!! (facepalm)
(Score: 0) by Anonymous Coward on Monday August 10, @04:33PM
After being volunteered as safety inspector for our district and finding out a manager was altering my inspection results to make himself look glorious, somebody got hurt from a safety violation that was documented many times. I gave up that unpaid position after stating... "It's not my job."
It's bullshit games like this from management no matter what industry it is.
(Score: 2) by jmichaelhudsondotnet on Monday August 10, @06:31PM (1 child)
A Cracker, not a Hacker.
What is a good metaphor to compare how stupid this use of the word hacker is? After so long....
A cracker is to a hacker, what a thief is to a _______
a. acrobat
b. scientist
c. researcher
d. locksmith
e. overly curious person
f. trespasser
I dont have all day to sit here, can you think a of better one?
(Score: 0) by Anonymous Coward on Monday August 10, @10:39PM
If you live in a trailer park, you're probably a cracker, if you like to play with computers, you're probably a hacker. If you steal money from people, you're a piece of shit.