![fireeye pulse secure fireeye pulse secure](https://www.cyberworld.com.hk/wp-content/uploads/FireEye-Mandiant.jpg)
![fireeye pulse secure fireeye pulse secure](https://www.cybersecurity-help.cz/upload/iblock/1a6/1a61deb7f60749e05e066872b9b1a494.png)
(OVS: 66) CVE-2020-1472 – Microsoft Active Directory escalation of privileges – CVSS 10.0.(OVS: 43) CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs – CVSS 10.0.
#Fireeye pulse secure Patch#
Several of these vulnerabilities are the focus of blogs in our Twelve Vulns of Christmas blog series.Īmong these vulnerabilities routinely leveraged by FireEye’s red teams are many severe vulnerabilities with high CVSS 3.0 and Orpheus Vulnerability Scores (OVS), which FireEye has listed in order of prioritization in terms of patch management for its clients: Earning widespread praise for its quick disclosure and transparent response, FireEye has published a list of vulnerabilities that these tools exploit, in addition to a list of countermeasures developed specifically so that the firm’s clients would be able to detect if such tools were used against them. The group, which tends to conduct espionage in support of Russia’s strategic political objectives, reportedly stole tooling related to FireEye’s penetration testing capabilities. The cybersecurity provider FireEye has suffered a breach that media reporting has attributed to Russian state espionage group APT29 (AKA Cozy Bear). Stolen material included bespoke penetration-testing tools that exploit specific vulnerabilities frequently targeted by threat actors, which we unpack in this blog.
![fireeye pulse secure fireeye pulse secure](https://secrutiny.com/wp-content/uploads/2021/04/1105.png)
The breach affecting cyber security giant FireEye reaffirms that sophisticated adversaries can compromise even the most secure companies.