Security News > 2024 > December > Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine
2024-12-01 09:00
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VPN clients Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. Cybercriminals used a gaming engine to create undetectable malware loader Threat actors are using an ingenious new way for covertly delivering malware … More → The post Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine appeared first on Help Net Security.
News URL
Related news
- Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost (source)
- Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (source)
- Cybercriminals used a gaming engine to create undetectable malware loader (source)
- Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-27 | CVE-2024-5921 | An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. | 0.0 |
| 2024-07-18 | CVE-2024-29014 | Unspecified vulnerability in Sonicwall Netextender Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | 8.8 |