NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

December 3, 2024 at 06:03AM

Cybersecurity researchers identified vulnerabilities in Palo Alto Networks and SonicWall VPN clients, allowing potential remote code execution on Windows and macOS systems. Exploiting these flaws via a rogue VPN server could lead to malicious software installation. Users are urged to apply patches to mitigate risks. No active exploitation reported yet. …

New NachoVPN attack uses rogue VPN servers to install malicious updates

November 26, 2024 at 05:35PM

Security researchers identified vulnerabilities in Palo Alto and SonicWall VPN clients, allowing attackers to exploit unpatched systems via rogue VPN servers. The “NachoVPN” tool simulates these attacks. Patches have been released, and AmberWolf provided advisories with mitigation recommendations to protect networks from these risks. …

Fortinet VPN design flaw hides successful brute-force attacks

November 21, 2024 at 09:39AM

A design flaw in Fortinet’s VPN logging mechanism allows successful credential verifications during brute-force attacks to go unlogged. Researchers from Pentera discovered that halting the login process post-authentication prevents successful attempts from being recorded, risking undetected breaches. Fortinet does not classify the issue as a vulnerability. …

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw

November 19, 2024 at 01:03PM

D-Link is advising customers to replace outdated VPN router models due to a serious, unpatched vulnerability that allows for unauthenticated remote code execution. This security flaw poses significant risks, and affected devices will not receive fixes.

### Meeting Takeaways:

1. **Security Alert from D-Link**: Customers are being advised about a …

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

November 16, 2024 at 02:24AM

A threat actor named BrazenBamboo has exploited a zero-day vulnerability in Fortinet’s FortiClient for Windows to extract VPN credentials using a tool called DEEPDATA. Discovered by Volexity, this malware, used in cyber espionage, is part of a broader framework encompassing various communication platforms and data exfiltration capabilities. …

Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

November 14, 2024 at 05:30PM

A critical vulnerability (CVE-2024-47574) in Fortinet’s FortiClient VPN could allow unauthorized code execution and privilege escalation on Windows systems. Patched in version 7.4.1, it has a 7.8 CVSS rating. Another flaw (CVE-2024-50564) allows altering SYSTEM-level registry keys. Neither vulnerability was exploited in the wild.

**Meeting Takeaways:**

1. **High-Severity Vulnerability …

New Cisco ASA and FTD features block VPN brute-force password attacks

October 26, 2024 at 01:44PM

Cisco has implemented new security features for ASA and Firepower Threat Defense to combat brute-force and password spray attacks, enhancing network protection and resource efficiency. The update allows admins to configure settings to block repeated failed login attempts and other malicious connection attempts, significantly reducing successful attack rates. …

Cisco ASA, FTD Software Under Active VPN Exploitation

October 24, 2024 at 11:59AM

Cisco has quickly released a patch for a medium-severity DoS vulnerability (CVE-2024-20481) in its VPN software, which is actively exploited. The flaw allows attackers to overload the system with authentication requests. Cisco advises updating software and implementing security measures to mitigate risks, as no workarounds are available. …

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

October 14, 2024 at 05:00AM

Threat actors are exploiting a critical vulnerability in Veeam Backup & Replication (CVE-2024-40711) to deploy Akira and Fog ransomware, leveraging compromised VPN credentials. Sophos warns of successful attacks via unprotected systems. In parallel, new ransomware variants like Lynx and Trinity are emerging, highlighting increasing cybersecurity threats across sectors. …

Port Shadow Attack Allows VPN Traffic Interception, Redirection

July 18, 2024 at 09:03AM

Researchers from several universities have identified a vulnerability, named Port Shadow (CVE-2021-3773), that allows threat actors to exploit VPNs to launch man-in-the-middle attacks, intercepting and redirecting traffic. This affects OpenVPN, WireGuard, and OpenConnect on Linux or FreeBSD. Mitigation involves specific firewall rules, and end users are advised to connect to …