Microsoft has started to send targeted notifications to dozens of hospitals about vulnerable public-facing VPN devices and gateways located on their network.
As part of their tracking of various groups
behind human-operated ransomware attacks, Microsoft has seen one of the operations known as REvil (Sodinokibi) targeting vulnerabilities in VPN devices and gateway appliances to breach a network.
Pulse VPN devices have been
known to be targeted by threat actors, with this vulnerability thought to be
behind the Travelex ransomware attack by REvil.
Other attackers such as
DoppelPaymer and
Ragnarok Ransomware were also seen in the past utilizing the
Citrix ADC (NetScaler) CVE-2019-1978 vulnerability to compromise a network.
... ...