May 7, 2024 at 02:53PM “TunnelVision” is a new attack that bypasses VPN encryption, allowing attackers to intercept unencrypted traffic while appearing secure. Exploiting a flaw in DHCP, attackers set up a rogue server to alter routing and snoop on VPN traffic. The vulnerability affects various operating systems. Mitigation strategies include using network namespaces, denying … Read more
March 13, 2024 at 03:05AM Iranian hacktivists executed a supply chain attack on Israeli universities by breaching a local technology provider, Rashim Software, and accessing universities’ systems. Op Innovate confirmed the exposure of student data and identified weak access controls and email-based authentication as contributing to the breach. The incident highlights the risk of supply … Read more
March 7, 2024 at 09:34AM Cisco announced patches for two high-severity vulnerabilities in Secure Client VPN application, impacting Linux, macOS, and Windows versions. The first issue, tracked as CVE-2024-20337, could be exploited remotely without authentication, while the second bug, tracked as CVE-2024-20338, affects only Secure Client for Linux and requires authentication. Cisco also addressed multiple … Read more
January 19, 2024 at 12:03AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched critical flaw in Ivanti Endpoint Manager Mobile and MobileIron Core to its Known Exploited Vulnerabilities catalog. The flaw enables unauthorized remote access and has been actively exploited, affecting several versions of the impacted software. Federal agencies are advised … Read more