Tracked as CVE-2019-11510 and with a CVSS score of 10, Pulse Secure's vulnerability was the most serious of several security flaws discovered in enterprise VPNs. An arbitrary file read issue, the bug could allow unauthenticated attackers to exfiltrate credentials that can then be used to compromise private VPN networks in combination with a remote command injection vulnerability in Pulse Secure products (CVE-2019-11539). Pulse Secure released patches for the identified issues in April 2019, and said most customers had already installed them in August 2019.

However, some organizations still don't seem to have patched their systems. In a warning issued earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) cautioned that patching vulnerable VPNs would not be enough to keep out attackers, especially if the vulnerability has already been exploited.

The first cyberattacks targeting this vulnerability were observed in August of last year, but the targeting has continued to date, with state-sponsored actors joining the fray since late 2019. Security researchers revealed in January that operators of the Sodinokibi ransomware had begun targeting the flaw. Now, REDTEAM.PL says the threat actor behind the Black Kingdom ransomware is also exploiting CVE-2019-11510 to compromise enterprise infrastructure.

The attackers use a scheduled task named GoogleUpdateTaskMachineUSA to achieve persistence after initial compromise. The name of the task closely resembles that of a legitimate Google Chrome task, which ends in UA, not USA. The malicious task executes code that runs a PowerShell script, which downloads additional code from an IP address that is also used to launch network attacks.
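A hunt for the look-alike task name described above, as an added example that is not part of the original article or of REDTEAM.PL's report. It assumes scheduled tasks were exported with `schtasks /query /fo csv /v`; the sample rows, the 0.9 similarity threshold, and the handling of the companion "Core" task and of a trailing GUID on newer installs are assumptions of this example.

```python
import csv
import io
import re
from difflib import SequenceMatcher

# Legitimate Google Update task names: the article names the "UA" task;
# "Core" is the companion task (assumption of this example).
LEGIT = {"GoogleUpdateTaskMachineUA", "GoogleUpdateTaskMachineCore"}
GUID_SUFFIX = re.compile(r"\{[0-9A-Fa-f-]{36}\}$")  # some installs append a GUID

# Constructed sample using the "TaskName" and "Task To Run" columns of
# `schtasks /query /fo csv /v`; not data from a real host.
SAMPLE = r'''"HostName","TaskName","Task To Run"
"WS01","\GoogleUpdateTaskMachineUA","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua"
"WS01","\GoogleUpdateTaskMachineCore{11111111-2222-3333-4444-555555555555}","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"
"WS01","\GoogleUpdateTaskMachineUSA","powershell.exe -File C:\constructed\placeholder.ps1"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c"
'''

def base_name(task_path):
    """Return the last path component with any trailing {GUID} removed."""
    return GUID_SUFFIX.sub("", task_path.rsplit("\\", 1)[-1])

def find_lookalikes(csv_text, threshold=0.9):
    """Flag tasks whose name is close to, but not exactly, a legitimate name."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = base_name(row["TaskName"])
        if name in LEGIT:
            continue  # exact match: the real updater task
        score, closest = max(
            (SequenceMatcher(None, name.lower(), legit.lower()).ratio(), legit)
            for legit in LEGIT
        )
        if score >= threshold:
            hits.append({
                "task": row["TaskName"],
                "resembles": closest,
                "similarity": round(score, 2),
                # The article says the malicious task launches PowerShell.
                "runs_powershell": "powershell" in row["Task To Run"].lower(),
            })
    return hits

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE):
        print(hit)
```

Matching on similarity rather than on the one literal name also catches other near-miss spellings of the updater task; any hit still needs its action and author reviewed by hand.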
Once it is up and running on the compromised system, the ransomware appends the .black_kingdom extension to the encrypted files. In the ransom note dropped by the malware, the attackers ask for $10,000 in Bitcoin, claiming they will destroy all of the victim's data if the ransom is not paid within 600 minutes. The victim is told to contact the threat actors through the blackingdom email address at gszmail[.]com.