VPN

Researchers reveal exploitable flaws in corporate VPN clients

Researchers reveal exploitable flaws in corporate VPN clients 2024-11-26 at 17:33 By Zeljka Zorz Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-2024-5921 affects various versions of Palo Alto’s GlobalProtect App on […]

React to this headline:

Loading spinner

Researchers reveal exploitable flaws in corporate VPN clients Read More »

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains 2024-08-12 at 19:01 By Ryan Naraine The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks. The post Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains Read More »

Port Shadow Attack Allows VPN Traffic Interception, Redirection

Port Shadow Attack Allows VPN Traffic Interception, Redirection 2024-07-18 at 16:01 By Eduard Kovacs Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic.  The post Port Shadow Attack Allows VPN Traffic Interception, Redirection appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Port Shadow Attack Allows VPN Traffic Interception, Redirection Read More »

PoC Published for Exploited Check Point VPN Vulnerability

PoC Published for Exploited Check Point VPN Vulnerability 2024-06-03 at 15:46 By Ionut Arghire PoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances. The post PoC Published for Exploited Check Point VPN Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

PoC Published for Exploited Check Point VPN Vulnerability Read More »

Check Point VPN Attacks Involve Zero-Day Exploited Since April

Check Point VPN Attacks Involve Zero-Day Exploited Since April 2024-05-30 at 12:46 By Eduard Kovacs The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords. The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Check Point VPN Attacks Involve Zero-Day Exploited Since April Read More »

Attackers are probing Check Point Remote Access VPN devices

Attackers are probing Check Point Remote Access VPN devices 2024-05-28 at 12:46 By Zeljka Zorz Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use that access to discover and pivot to other enterprise assets

React to this headline:

Loading spinner

Attackers are probing Check Point Remote Access VPN devices Read More »

Check Point VPN Targeted for Initial Access in Enterprise Attacks

Check Point VPN Targeted for Initial Access in Enterprise Attacks 2024-05-28 at 12:31 By Eduard Kovacs Check Point is warning customers that threat actors are targeting insecure VPN instances for initial access to enterprise networks.  The post Check Point VPN Targeted for Initial Access in Enterprise Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Check Point VPN Targeted for Initial Access in Enterprise Attacks Read More »

New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System

New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System 2024-05-08 at 17:01 By Ionut Arghire A new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of DHCP. The post New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System appeared first on SecurityWeek.

React to this headline:

Loading spinner

New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System Read More »

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) 2024-05-08 at 16:31 By Zeljka Zorz Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same

React to this headline:

Loading spinner

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) Read More »

56% of cyber insurance claims originate in the email inbox

56% of cyber insurance claims originate in the email inbox 2024-04-25 at 13:01 By Help Net Security 56% of all 2023 claims were a result of funds transfer fraud (FTF) or business email compromise (BEC), highlighting the importance of email security as a critical aspect of cyber risk management, according to Coalition. The 2024 Cyber

React to this headline:

Loading spinner

56% of cyber insurance claims originate in the email inbox Read More »

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks 2024-04-17 at 17:01 By Ionut Arghire Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services. The post Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks Read More »

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability 2024-04-08 at 18:01 By Ionut Arghire Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution. The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability Read More »

Ivanti vows to transform its security operating model, reveals new vulnerabilities

Ivanti vows to transform its security operating model, reveals new vulnerabilities 2024-04-04 at 16:02 By Zeljka Zorz Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months

React to this headline:

Loading spinner

Ivanti vows to transform its security operating model, reveals new vulnerabilities Read More »

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) 2024-03-08 at 13:03 By Zeljka Zorz Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker

React to this headline:

Loading spinner

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) Read More »

ExpressVPN User Data Exposed Due to Bug

ExpressVPN User Data Exposed Due to Bug 2024-02-12 at 16:16 By Ionut Arghire ExpressVPN disables split tunneling on Windows after learning that DNS requests were not properly directed. The post ExpressVPN User Data Exposed Due to Bug appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

ExpressVPN User Data Exposed Due to Bug Read More »

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products 2024-02-01 at 19:01 By Ryan Naraine In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. The post CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products appeared first

React to this headline:

Loading spinner

CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

Loading spinner

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) 2024-01-11 at 13:46 By Zeljka Zorz Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml

React to this headline:

Loading spinner

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) Read More »

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days 2024-01-11 at 00:01 By Ryan Naraine Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won’t be available until January 22. The post Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days Read More »

Google Play will mark independently validated VPN apps

Google Play will mark independently validated VPN apps 06/11/2023 at 13:49 By Helga Labus Android VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data Safety section. “We’ve launched this banner beginning with VPN apps due to

React to this headline:

Loading spinner

Google Play will mark independently validated VPN apps Read More »

Scroll to Top