The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks.
The post Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains appeared first on SecurityWeek.
Port Shadow Attack Allows VPN Traffic Interception, Redirection
Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic.
The post Port Shadow Attack Allows VPN Traffic Interception, Redirection appeared first on SecurityWeek.
PoC Published for Exploited Check Point VPN Vulnerability
PoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances.
The post PoC Published for Exploited Check Point VPN Vulnerability appeared first on SecurityWeek.
Check Point VPN Attacks Involve Zero-Day Exploited Since April
The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.
Check Point VPN Targeted for Initial Access in Enterprise Attacks
Check Point is warning customers that threat actors are targeting insecure VPN instances for initial access to enterprise networks.
The post Check Point VPN Targeted for Initial Access in Enterprise Attacks appeared first on SecurityWeek.
New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System
A new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of DHCP.
The post New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System appeared first on SecurityWeek.
Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks
Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.
The post Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks appeared first on SecurityWeek.
Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.
The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek.
ExpressVPN User Data Exposed Due to Bug
ExpressVPN disables split tunneling on Windows after learning that DNS requests were not properly directed.
The post ExpressVPN User Data Exposed Due to Bug appeared first on SecurityWeek.
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products
In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours.
The post CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products appeared first on SecurityWeek.