Security News
Infamous Iranian hacking groups APT33 and APT34 appear to have been working together for the past three years to compromise dozens of organizations worldwide, and their attacks involved some of the enterprise VPN vulnerabilities disclosed last year, ClearSky reports. Since 2017, the two groups likely collaborated as part of an offensive campaign targeted at numerous companies and organizations from the IT, telecommunications, oil and gas, aviation, government, and security sectors around the world, ClearSky says in a new report.
Zyxel Communications launched the ZyWALL VPN1000 VPN Firewall, an all-in-one security solution for small and medium businesses. The flagship of the growing Zyxel family of ZyWALL VPN firewalls, VPN1000 is an integrated security solution that combines a powerful firewall with high-performance VPN tunnel capabilities to protect the local network against threats and safeguard data communications between multiple locations or hybrid clouds.
This week we look at VPN vulnerabilities [11:13], dig into the Snake ransomware [23:11], and decide whether our phones are spying on us [32:09]. Mark also revisits his growing list of pet peeves and Anna tests whether getting deep fake feet to your phone via SMS is real.
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has warned organizations that malicious hackers continue to exploit a widely known Pulse Secure VPN vulnerability. "Although Pulse Secure disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency continues to observe wide exploitation of CVE-2019-11510," CISA said.
Take this week's revelation by researcher Kevin Beaumont that serious vulnerabilities in Pulse Secure's Zero Trust business VPN system are being exploited to break into company networks to install the REvil ransomware. His evidence comprises anecdotal reports from victims mentioning unpatched Pulse Secure VPN systems being used as a way in by REvil.
More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart. While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."
Hackers are taking advantage of unpatched enterprise VPN setups specifically, a long-known bug in Pulse Secure's code to spread ransomware and other nasties. British infosec specialist Kevin Beaumont says a severe hole in Pulse Secure's Zero Trust Remote Access VPN software is being used by miscreants as the entry point for inserting malware attacks.
On Saturday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets reported that his internet scans have identified 3,825 Pulse Secure VPN servers that remain at risk because they have not been updated with a patch to fix a critical vulnerability, designated CVE-2019-1150. The patch for Pulse Secure VPN servers - as with critical patches for VPN servers built by Fortinet and Palo Alto that have also required updates to fix serious flaws since last year - has been available for months.
A widely known vulnerability affecting an enterprise VPN product from Pulse Secure has been exploited by cybercriminals to deliver a piece of ransomware, a researcher has warned. They can use the obtained credentials in combination with a remote command injection vulnerability in Pulse Secure products, allowing them to gain access to private VPN networks.
Researchers have discovered a flaw in macOS, Linux, and several other operating systems that could let attackers hijack VPN connections.