Security News

With the new NETGEAR Insight Managed Business Router, these remote employees will simply need a BR200 in their home or remote office to connect to another BR200 in the main office and be able to access data residing on their office network securely. Designed specifically to enable businesses to instantly protect their networks with a secure site-2-site VPN and firewall rapidly and cost-effectively through the Insight Cloud Portal or mobile app, the Insight Managed Business Router comes with easy setup, firewall, VLAN management, and remote cloud monitoring and management from anywhere.

Windows users looking to install a VPN app are in danger of downloading one that's been bundled with a backdoor, Trend Micro researchers warn. The trojanized installer is offered on third-party download sites and users who download and run it are unlikely to notice that something is wrong with it.

Mozilla now offers a VPN service that protects Windows and mobile devices, and soon your Linux and macOS desktops. Mozilla has released their VPN service, which is currently available for Android, iOS, Windows, and will soon be available for Linux and macOS. The service offers fast network speeds, location selection, zero activity logs stored on Mozilla servers, is currently available in six countries, runs on a global network of servers powered by Mullvad, uses device-level encryption, has no bandwidth restrictions, makes use of 280+ servers in 30+ countries, and only costs you $4.99 per month for up to five devices.

Where Chinese hackers exploit, Iranians aren't far behind. So says the US Cybersecurity and Infrastructure Security Agency, which is warning that malicious persons from Iran are exploiting a slew of vulns in VPN products from Citrix, F5 Networks and Pulse Secure.

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

The Dutch national communication security authority, NLNCSA, has cleared international medical imaging IT and cybersecurity company Sectra's mobile VPN for use up to and including the RESTRICTED security level. Sectra's mobile VPN, for use up to and including the RESTRICTED security level, is a solution that was produced through a strategic partnership with Samsung.

ManageEngine announced that ADSelfService Plus, an integrated Active Directory self-service password management and single sign-on solution, now supports multi-factor authentication for VPNs to protect organizations' internal networks from unauthorized access. "VPN gateways are directly accessible through the internet and are prone to brute force and other types of attacks. Relying on credentials alone to protect VPN access to vital resources could result in immeasurable losses," said Parthiban Paramasivam, director of product management, ADSelfService Plus.

Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs. Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. What we do know is that CVE-2020-8218 can be exploited to execute code on the VPN system by tricking an administrator into, say, opening a URL. "Many vulnerabilities had been found in previous versions of the VPN, so we were eager to see if we could find shortcomings of our own in the latest one," GoSecure's Jean-Frédéric Gauron explained.

One increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. Allen said a typical voice phishing or "Vishing" attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company's VPN platform in real-time.

UK workers are spending an extra two hours at work every day while people in the US are working three extra hours, according to an analysis of VPN data. NordVPN Teams found that people in both countries are still working the extra hours that started in April when coronavirus lockdowns started.