Security News

An ongoing hacking campaign called 'Hiatus' targets DrayTek Vigor router models 2960 and 3900 to steal data from victims and build a covert proxy network. DrayTek Vigor devices are business-class VPN routers used by small to medium-size organizations for remote connectivity to corporate networks.

Microsoft Edge's built-in VPN functionality could soon begin rolling out to all users in the stable channel, with some users already getting access to the feature.Edge's VPN 'Edge Secure Network' uses Cloudflare and aims to protect your device and sensitive data as you browse, but remember it is not a proper replacement for your VPN. Unlike traditional VPN extensions or tools, Edge uses Cloudflare's routing to encrypt your internet connection and protect your data from online threats like hackers.

With so many options on the market, it's not easy to find the best VPN for you. Me VPN offers outstanding features, support for unlimited devices and a lifetime subscription, and it's now on sale for 86% off.

Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "Components of SecondEye - a legitimate monitoring application - to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis.

Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related targets. The security flaw abused in these incidents is a heap-based buffer overflow weakness found in the FortiOS SSLVPNd that allowed unauthenticated attackers to crash targeted devices remotely or gain remote code execution.

The reality of VPN vs. ZTNA. For a while now, VPN has been the proven, go-to solution when thinking about the best way to provide secure connectivity and ensure safety of data in transit. According to a recent poll, 81% of respondents currently utilize VPN to support remote work and 87% of the respondents who still use VPN say they have implemented at least one other solution to close the gaps.

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.

Taiwan-based NAS maker Synology has addressed a maximum severity vulnerability affecting routers configured to run as VPN servers. VPN Plus Server is a virtual private network server that allows administrators to set up Synology routers as a VPN server to allow remote access to resources behind the router.

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475, the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests.

Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices."A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests," warns Fortinet in a security advisory released today.