Security News
The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions. The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."
The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions.The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."
Cybersecurity professionals rely on VPNs to secure remote endpoints with an organization's home network. "It is critical that companies take a proactive stance to security and implement a long-term remote security strategy," continued Prassl.
On Wednesday, BleepingComputer reported that it's been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer. The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices.
Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday.
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid.
VPNs have been used by businesses and individuals across the globe, but now the tide is turning. Over time, criminals have been able to identify and manipulate security flaws found in technology, and VPNs are no exception.
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process."
Does a VPN protect you from hackers? Is your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of data protection? A VPN can't simply protect you from every single type of cyber attack.
PacketFabric announced that it has released native support of IPsec VPN tunnels as a connection type for its Cloud Router product. "The cloud is all about scale and flexibility. But traditional cloud connectivity hasn't delivered scalability or flexibility. You've had to backhaul traffic through data centers, wait an entire ice age for circuits to provision, rely on unpredictable Internet, or deal with inflexible long-term telco-style contracts," said PacketFabric Chief Technology Officer and Chief Product Officer Anna Claiborne.