Flaws in widely used corporate VPNs put company secrets at risk

Discussion in 'other security issues & news' started by ronjor, Jul 23, 2019.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,083
    Location:
    Texas
    Zack Whittaker@zackwhittaker 23 July 2019
     
  2. guest

    guest Guest

    Pulse Secure Says Majority of Customers Patched Exploited Vulnerability
    August 29, 2019
    https://www.securityweek.com/pulse-secure-says-majority-customers-patched-exploited-vulnerability
     
  3. guest

    guest Guest

    Active exploitation of VPN vulnerabilities
    September 17, 2019
    https://cyber.gc.ca/en/alerts/active-exploitation-vpn-vulnerabilities-0
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  5. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    It's almost like corporations should start using OpenVPN or Wireguard instead.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Hundreds of Dutch companies with unpatched Fortigate-VPN.

    At the moment I don't have links in English.
    Articles in Dutch:
    https://nos.nl/artikel/2303866-opnieuw-groot-risico-door-beveiligingslek-bij-thuiswerksysteem.html
    https://www.nu.nl/tech/6000030/hond...ven-kwetsbaar-door-gevaarlijk-lek-in-vpn.html

    This evening there will be a Dutch radio broadcast telling more: "Reporter Radio".
    According to the above articles Reporter Radio did research together with ESET NL.
    (At the moment I cannot find articles about it at the Reporter Radio site nor at the ESET site(s))
    According to the articles: They found that there are almost 900 Dutch companies who are using unpatched Fortigate-VPN although the Dutch NCSC (National Cyber Security Centre) has warned about it.
     
  8. guest

    guest Guest

    English:
    'Hundreds of Dutch companies vulnerable to dangerous VPN leak'
     
  9. guest

    guest Guest

    NCSC Alert
    Vulnerabilities exploited in VPN products used worldwide
    APTs are exploiting vulnerabilities in several VPN products used worldwide
    October 2, 2019

    https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities
     
  10. guest

    guest Guest

    Big Game Ransomware being delivered to organisations via Pulse Secure VPN
    January 4, 2020
    https://doublepulsar.com/big-game-r...ganisations-via-pulse-secure-vpn-bd01b791aad9
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    But isn't it true that so-called EDR systems should be able to block this stuff? I keep reading about how hackers are able to log in and disable security software, but EDR should be able to alert about security software being disabled on machines. And it should also be able to spot ransomware activity and disconnect the infected machines from the network.

    https://blog.devolutions.net/2019/08/what-is-edr-and-why-do-you-need-it
     
  12. guest

    guest Guest

    FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
    January 17, 2020
    https://www.bleepingcomputer.com/ne...s-hacked-us-govt-network-with-pulse-vpn-flaw/
     
  13. guest

    guest Guest

    Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs
    November 22, 2020
    https://www.bleepingcomputer.com/ne...its-for-over-49-000-vulnerable-fortinet-vpns/
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,083
    Location:
    Texas
    Fortinet FortiOS System File Leak
     
  15. guest

    guest Guest

    NCSC Alert
    Alert: Critical risk to unpatched Fortinet VPN devices
    December 8, 2020
    https://www.ncsc.gov.uk/news/critical-risk-unpatched-fortinet-vpn-devices
     