VPN compromised, about what you’d expect ensued

Back in April a company called Pulse Secure issued a patch and a dire warning to upgrade the corporate VPN software it produced or all the bad things. Well, all the bad things.

What happens when a VPN provider gets compromised? [shakes stick at cloud] anything! As many now-ransomwared companies are finding out.

Now, what makes this different from, say, the VPN company whose intrusion we found out about a year-plus later, and which is still conducting forensic analysis and will be forever since it claims it doesn’t keep logs, is that this software was in the hands of a bunch of IT departments who were given notices again and again to upgrade.

The compromised VPN software was used in multiple ways and for multiple companies, but the latest victim we’re hearing about was Travelex, who got ransomwared to death.

While there are probably always going to be bugs that need patching, leaving 8-month-old corporate VPN software unpatched when there have been multiple warnings and upgrades available is just… meh.

So yeah, update your security software. The people running the VPN in this case were the corporations it was sold to, and evidently they had no business being in the security game.

[Ars Technica]

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids.