Travelex ignored September warning over 'insecure' VPN server software

clock • 2 min read

Travelex among a large number of organisations running vulnerable Pulse Secure VPN software

Currency exchange specialist Travelex was warned about insecure virtual private networking (VPN) servers that it was running in September last year - but that warning appears to have been ignored.

The warning was issued by Chicago, Illinois-based security researcher Troy Mursch, tweeting under his @bad_packets account. He claims that he notified in the organisation about the vulnerable Pulse Secure VPN servers it was running on 13 September, but received no response from the company.

Travelex was one of a number of companies that Mursch informed, also informing the UK's National Cyber Security Centre at the same time. The NCSC sent out warning letters to affected organisations as a result of that warning.

But even now, according to UK-based security specialist Kevin Beaumont, a large number of organisations are still running iterations of Pulse Secure bearing a vulnerability identified 11 months ago.

And one-quarter of those vulnerable servers are located in the US, added Beaumont, at a time when Iran has threatened retaliation for the assassination of a senior general.

Today, the Travelex website and mobile app remain down with what the holding page describes as "planned maintenance". The website and associated currency exchange facilities were taken down on New Year's Eve following what the organisation had claimed was a virus outbreak.

Travelex's action has also affected currency exchange services from Barclays, HSBC, Sainsbury's Bank, First Direct and Virgin Money, which rely on Travelex. Users of the company's pre-paid foreign currency cards have also been affected, and left unable to top them up for more than a week.

The vacuum left behind by the lack of information about the nature of the attack has been filled with speculation, with anything from North Korean state actors to ransomware blamed for the extended downtime.

All Computing's coverage of the Travelex ransomware outbreak

You may also like
Fortinet addresses critical vulnerability in FortiClientLinux

Threats and Risks

FortiOS, FortiProxy, FortiClientMac and FortiSandbox also patched

clock 12 April 2024 • 3 min read
Fortinet appliances remain vulnerable to critical bug, risking cyberattacks

Threats and Risks

A significant portion of 133,000 vulnerable devices are located in Asia

clock 21 March 2024 • 2 min read
Ivanti VPN malware can survive a factory reset, warns CISA

Threats and Risks

'Assume a sophisticated threat actor may deploy rootkit level persistence'

clock 01 March 2024 • 2 min read

More on Security

Interview: Sharp UK, Security Excellence Awards finalist

Interview: Sharp UK, Security Excellence Awards finalist

'We make technology easy by listening, taking the time to understand our clients, and creating seamless solutions that work'

Computing Staff
clock 12 April 2024 • 4 min read
Interview: LRQA Nettitude, Security Excellence Awards finalist

Interview: LRQA Nettitude, Security Excellence Awards finalist

'We are the only cybersecurity team in the world with a full suite of CREST accreditations'

Computing Staff
clock 11 April 2024 • 4 min read
Interview: Nationwide Building Society, Security Excellence Awards finalist

Interview: Nationwide Building Society, Security Excellence Awards finalist

'Working hard on cyber and wider operational resilience means that whatever happens we can be increasingly confident of being there for our customers when they need us'

Computing Staff
clock 10 April 2024 • 3 min read