Security News
Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws - CVE-2023-33009 and CVE-2023-33010 - are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system.
Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products that attackers could leverage without authentication. CVE-2023-33009: A buffer overflow vulnerability in the notification function in some Zyxel products, allowing an unauthenticated attacker to perform remote code execution or impose DoS conditions.
Microsoft is investigating major speed issues affecting L2TP/IPsec VPN connections after installing recent Windows 11 updates. Based on reports seen by BleepinComputer since the updates have been available, both updates are triggering the L2TP/IPsec VPN speed issues after deployment.
Given the proliferation of VPN solutions in the market, here is a roundup of the top enterprise VPN solutions in 2023. SonicWall Global VPN Client: Best lightweight enterprise VPN. SonicWall Global VPN Client is fast and efficient, providing RADIUS/certificate/Smart Card/USB authentication, VPN session reliability to redirect clients to other VPN gateways if problems occur, 168-bit key 3Data Encryption Standard and AES Advanced Encryption Standard security, specific subnet access and command-line options for installation, making it easy to deploy through automated software mechanisms.
Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks. "Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition to reachable endpoints before creating new user accounts and leveraging custom scripts to automate the deployment and detonation of the ransomware encryptor via scheduled tasks," Kroll said in a report shared with The Hacker News.
TL;DR: You can currently get lifetime online protection with Ivacy VPN for only $18 using code IVACY5 via TechRepublic Academy. In our Secure Solutions Sale, you can now get a lifetime Ivacy VPN subscription for only $18 using the coupon code IVACY5 at TechRepublic Academy.
A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro researchers Jaromir Horejsi and Joseph C. Chen said.
Nord Security has released the source code of its Linux NordVPN client and associated networking libraries in the hopes of being more transparent and easing users' security and privacy concerns. As part of this announcement, NordVPN released the source code for its Linux applications and two libraries - Libtelio and Libdrop.
Secondly, introducing the dark web report in the U.S. will aid in better monitoring personal information.Google One has announced that VPN access will be expanded to all its plans, including the Basic plan that starts at $1.99/month.
Microsoft has released a new Windows 11 preview build with new features such as File Explorer access keys, a new VPN status indicator, and a new way to copy two-factor authentication codes from text messages. The new Access Keys features in File Explorer will enable users to execute any command in the context menu using keyboard strokes.