Security News
A senior NSA official speaking to reporters last week said that telework infrastructure like VPNs has become a focus for malicious actors, which led the NSA to release a formal advisory on how to secure VPNs from cyberattacks. "VPN gateways tend to be directly accessible from the internet and are prone to network scanning, brute force attacks, and zero-day vulnerabilities," the NSA bulletin said.
Used within organizations of all sizes for remote connection to assets and for telework, VPNs can deliver the expected level of security if strong cryptography is employed and if admins perform regular assessments to identify and eliminate misconfigurations and vulnerabilities. Thus, the NSA recommends that network administrators avoid default settings and reduce the attack surface of VPN gateways, ensure that only CNSSP 15-compliant cryptographic algorithms are used, remove unused or non-compliant cryptography, and keep both VPN gateways and clients up to date.
Palo Alto Networks has patched a critical and easily exploitable vulnerability affecting PAN-OS, the custom operating system running on its next-generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible. Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 8.0.
In 1965, Gordon Moore published a short informal paper, "Cramming more components onto integrated circuits". Based on not much more than these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductor, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.
Researchers at Poland-based cybersecurity firm REDTEAM.PL have observed Black Kingdom ransomware attacks that exploit a Pulse Secure VPN vulnerability patched last year. Tracked as CVE-2019-11510 and featuring a CVSS score of 10, the vulnerability was the most severe of several security flaws identified in enterprise VPNs from Pulse Secure.
Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.
A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security. Cybercriminals have been keen to exploit COVID-19 to create coronavirus-related malicious apps, phony websites, and phishing emails.
ADVA announced that it is playing a key role in a unique research initiative extending post-quantum security to VPN networks. Leveraging the ADVA FSP 150 with ConnectGuard Ethernet encryption, the Quantum-Secure VPN Modules and Operation Modes project is testing new quantum-resistant algorithms in the packet domain.
Researchers analyzed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that could be exploited to hack users' devices. VPNpro, a company that specializes in analyzing and comparing VPN services, analyzed the 20 most popular VPNs to see which of them allow attackers to intercept communications and push fake updates.
Specifically, organizations need visibility into the VPN. In some cases, businesses may not have considered remote employees at all when building their physical networks. The connections on the VPN and physical network should be monitored throughout the organization to ensure that IT has all the information they need to stop threats in their tracks and enable a fast response to malicious actors.