Security News
Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs. They say it is a liability that can be exploited by threat actors to bypass firewalls and give them access to people's systems and expose their sensitive data. Despite concerns and questions among security professionals, Apple released Big Sur to the public on Nov. 12.
Cisco informed customers on Wednesday that it's working on a patch for a code execution vulnerability affecting its AnyConnect product. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script.
Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available. While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release.
Google announced on Thursday that Google One customers can now use a new virtual private network service that will provide them an extra layer of protection when they go online. The new VPN by Google One is available to customers who have subscribed to a 2 TB plan or higher.
A critical vulnerability in a SonicWall enterprise VPN firewall can be exploited to crash the device or remotely execute code on it, reverse engineers said this week. In a statement SonicWall said it "Was contacted by a third-party research team regarding issues related to SonicWall next-generation virtual firewall models." The spokesman went on to say that SonicWall's own engineers discovered even more vulns while reproducing Tripwire's findings, going on to develop patches for the whole lot.
UPDATE. A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. "The most notable aspect of this vulnerability is that the VPN portal can be exploited without knowing a username or password," Young told Threatpost.
Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw. "Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks," says a joint security advisory published by CISA and the FBI. Despite that, CISA added that it is "Aware of some instances where this activity resulted in unauthorized access to elections support systems."
The three new features provide adaptive threat profiling for Juniper's ATP Cloud, the integration of WootCloud HyperContext for device profiling, and Secure Connect VPN for remote working beyond the branch office. Adaptive Threat Profiling makes use of Juniper's SRX series firewalls to act as sensors throughout the network.
According to the SAM IoT Security Lab, the FortiGate SSL-VPN client only verifies that the certificate used for client authentication was issued by Fortinet or another trusted certificate authority. "Therefore, an attacker can easily present a certificate issued to a different FortiGate router without raising any flags, and implement a man-in-the-middle attack," researchers wrote, in an analysis on Thursday.
Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution-with default configuration-to enable employees to connect remotely are vulnerable to man-in-the-middle attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection. The main reason for this is that the bundled default SSL certificate uses the router's serial number as the server name for the certificate.