VPN Archives

Vulnerabilities

New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products

Palo Alto Networks and SonicWall VPNs affected by vulnerabilities allowing remote code execution and privilege escalation.

Eduard KovacsNovember 27, 2024

Malware & Threats

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report

The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched.

Ionut ArghireNovember 18, 2024

Funding/M&A

Malwarebytes Acquires VPN Provider AzireVPN

Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.

Ionut ArghireNovember 8, 2024

Endpoint Security

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

The vulnerabilities, patched in OpenVPN 2.6.10, expose users on the Windows platform to remote code execution attacks.

Ryan NaraineAugust 12, 2024

Privacy

Port Shadow Attack Allows VPN Traffic Interception, Redirection

Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic.

Eduard KovacsJuly 18, 2024

Malware & Threats

PoC Published for Exploited Check Point VPN Vulnerability

PoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances.

Ionut ArghireJune 3, 2024

Malware & Threats

Check Point VPN Attacks Involve Zero-Day Exploited Since April

The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.

Eduard KovacsMay 30, 2024

Identity & Access

Check Point VPNs Targeted to Hack Enterprise Networks

Check Point is warning customers that threat actors are targeting insecure VPN instances for initial access to enterprise networks.

Eduard KovacsMay 28, 2024

Vulnerabilities

New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System

A new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of...

Ionut ArghireMay 8, 2024

Malware & Threats

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.

Ionut ArghireApril 17, 2024

Network Security

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.

Ionut ArghireApril 8, 2024

Vulnerabilities

ExpressVPN User Data Exposed Due to Bug

ExpressVPN disables split tunneling on Windows after learning that DNS requests were not properly directed.

Ionut ArghireFebruary 12, 2024

SECURITYWEEK NETWORK:

ICS:

All posts tagged "VPN"

Vulnerabilities

New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products

Malware & Threats

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report

Funding/M&A

Malwarebytes Acquires VPN Provider AzireVPN

Endpoint Security

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

Privacy

Port Shadow Attack Allows VPN Traffic Interception, Redirection

Malware & Threats

PoC Published for Exploited Check Point VPN Vulnerability

Malware & Threats

Check Point VPN Attacks Involve Zero-Day Exploited Since April

Identity & Access

Check Point VPNs Targeted to Hack Enterprise Networks

Vulnerabilities

New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System

Malware & Threats

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

Network Security

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

Vulnerabilities

ExpressVPN User Data Exposed Due to Bug

Featured

Supply Chain Security

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

Mobile & Wireless

Paragon Spyware Attacks Exploited WhatsApp Zero-Day

Cloud Security

What’s Behind Google’s $32 Billion Wiz Acquisition?

Phishing

Scareware Combined With Phishing in Attacks Targeting macOS Users

Funding/M&A

Google to Acquire Cloud Security Giant Wiz for $32 Billion in Cash

Artificial Intelligence

ChatGPT Tool Vulnerability Exploited Against US Government Organizations

Artificial Intelligence

Nvidia Patches Vulnerabilities That Could Let Hackers Exploit AI Services

Latest News

Vulnerabilities

In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw

Data Breaches

Ransomware Group Claims Attack on Virginia Attorney General’s Office

Supply Chain Security

Watch on Demand: Supply Chain & Third-Party Risk Security Summit

Artificial Intelligence

New Jailbreak Technique Uses Fictional World to Manipulate AI

Nation-State

Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley

Cloud Security

Industry Reactions to Google Buying Wiz: Feedback Friday

Data Breaches

Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover

Daily Briefing Newsletter