#NachoVPN

New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products

by

November 27, 2024 at 04:59AM Researchers from AmberWolf revealed a new attack method targeting corporate VPN clients, exposing vulnerabilities in widely used software like Palo Alto Networks and SonicWall. They published NachoVPN, an open-source tool to demonstrate these exploits. While patches exist, exploitation requires users to connect to rogue servers, often via social engineering. ### … Read more

New NachoVPN attack uses rogue VPN servers to install malicious updates

by

November 26, 2024 at 05:35PM Security researchers identified vulnerabilities in Palo Alto and SonicWall VPN clients, allowing attackers to exploit unpatched systems via rogue VPN servers. The “NachoVPN” tool simulates these attacks. Patches have been released, and AmberWolf provided advisories with mitigation recommendations to protect networks from these risks. ### Meeting Takeaways: NachoVPN Vulnerabilities 1. … Read more