In the recent Pulse Secure attack of April 2021, hackers exploited a zero-day vulnerability in Pulse Secure VPN devices taking advantage of a security flaw which allowed unauthorized access of their Pulse Connect Secure Gateway. Once attackers became aware of the latest vulnerability, they were able to gain access to the system and run their own malicious code on it.
In this security brief, we examine how cybercriminals were able to exploit the vulnerability, why this attack matters from the targets to the VPN technology, what we can learn from the attack and how companies can protect their networks, critical data and employees in the future.