June 28, 2024 at 03:08PM TeamViewer disclosed that it was infiltrated by Russian cyber-spies, Cozy Bear, who gained access to its systems through a worker’s login. The breach was limited to non-production systems, with no evidence of accessing customer data. Similar to previous attacks, the group’s tactics align with known techniques, raising concerns about potential … Read more
June 27, 2024 at 08:43PM TeamViewer detected an irregularity in its corporate IT environment and promptly called in cybersecurity investigators and implemented remediation measures. While TeamViewer downplays the incident, NCC Group suggests an advanced persistent threat (APT) group’s compromise. Health sector warned of ongoing exploitation by APT29. Investigations are ongoing. Potential impact on customer data … Read more
June 19, 2024 at 08:39AM US, New Zealand, and Canada government agencies release guidance for organizations to adopt modern security solutions like Secure Service Edge (SSE) and Secure Access Service Edge (SASE) to enhance network access security. The document advises transitioning beyond VPNs due to recent cyber incidents and advocates for approaches aligned with zero … Read more
June 12, 2024 at 11:08AM Microsoft has deprecated its DirectAccess remote access solution and recommends companies to transition to ‘Always On VPN’ for increased security and ongoing support. Always On VPN, introduced as a successor to DirectAccess, supports modern VPN protocols and is more flexible, requiring users to plan and execute a migration to avoid … Read more
May 30, 2024 at 01:21PM Cloudflare announced the acquisition of BastionZero, a seed-stage startup based in Boston, Mass. The financial terms were not disclosed. BastionZero’s technology offers remote access to infrastructure for backend and cloud engineering teams. The acquisition fits into Cloudflare’s plan to extend its Zero Trust Network Access flows and enhance its VPN … Read more
May 30, 2024 at 05:48AM Check Point VPNs were targeted by threat actors exploiting a zero-day vulnerability, allowing access to enterprise networks through old VPN local accounts. The vulnerability, tracked as CVE-2024-24919, affects certain Check Point Security Gateways and allows hackers to extract password hashes. Mnemonic reported attacks using CVE-2024-24919 in customer environments since April … Read more
May 29, 2024 at 09:34AM Check Point releases hotfixes for VPN zero-day exploited in attacks targeting remote access to firewalls and corporate networks. The vulnerability (CVE-2024-24919) affects Check Point Security Gateways and impacts various product versions. Security updates have been issued, and installation instructions provided. A remote access validation script is available to review results … Read more
May 28, 2024 at 05:33AM Check Point advises customers to review VPN configurations to prevent abuse by threat actors, citing attempts to gain access through old VPN local accounts with password-only authentication. The company recommends using additional authentication measures, deploying products on security gateways, and disabling unnecessary local accounts. It also provides a script and … Read more
May 27, 2024 at 02:24PM Check Point warns of ongoing campaign targeting Remote Access VPN devices, affecting enterprise networks. Attackers exploit old local accounts’ insecure password-only authentication. Check Point advises customers to secure accounts and install a hotfix to block login attempts using password-only authentication. Cisco also reported credential brute-forcing attacks on VPN and SSH … Read more
May 24, 2024 at 02:16PM Claroty, a cyber-physical systems (CPS) protection company, has released proprietary data revealing security risks in mission-critical operational technology (OT) assets due to insecure internet connections and known vulnerabilities. To address this, they launched the Claroty xDome Secure Access, which balances secure control and frictionless access for enhanced productivity and reduced … Read more