VPN

Pierluigi Paganini September 25, 2020
Fortinet VPN with default certificate exposes 200,000 businesses to hack

According to SAM Seamless Network, over 200,000 businesses are using Fortigate VPN with default settings, exposing them to the risk of a hack. In response to the spreading of Coronavirus across the world, many organizations deployed VPN solutions, including Fortigate VPN, to allow their employers to work from their homes. The configuration of the VPN […]

Pierluigi Paganini August 05, 2020
Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet […]

Pierluigi Paganini July 21, 2020
7 VPN services left data of millions of users exposed online

vpnMentor experts reported that seven Virtual Private Network (VPN)  recently left 1.2 terabytes of private user data exposed to online. Security experts from vpnMentor have discovered a group of seven free VPN (virtual private network) apps that left their server unsecured online exposing private user data for anyone to see.  The impacted VPN services are UFO […]

Pierluigi Paganini February 02, 2020
The Russian Government blocked ProtonMail and ProtonVPN

The popular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. Roskomnadzor explained that the services were abused by cybercriminals and that Proton Technologies refused to register them with state authorities. The […]

Pierluigi Paganini January 17, 2020
Chinese police arrested the operator of unauthorized VPN service that made $1.6 million from his activity

Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. The Great Firewall project already blocked access to more hundreds of the world’s 1,000 top […]

Pierluigi Paganini January 11, 2020
CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations that attackers continue to exploit the well known Pulse Secure VPN vulnerability tracked as CVE-2019-11510. The CVE-2019-11510 flaw in Pulse Connect Secure […]

Pierluigi Paganini December 23, 2019
Op Wocao – China-linked APT20 was able to bypass 2FA

China-linked cyber espionage group APT20 has been bypassing two-factor authentication (2FA) in recent attacks, cyber-security firm Fox-IT warns. Security experts from cyber-security firm Fox-IT warns of a new wave of attacks, tracked as Operation Wocao, carried out by China-linked cyber espionage group APT20 that has been bypassing 2FA. The attacks aimed at government entities and […]

Pierluigi Paganini October 09, 2019
Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to […]

Pierluigi Paganini October 06, 2019
UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure According to the UK’s National Cyber Security Centre (NCSC), advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild. Threat actors […]

Pierluigi Paganini September 23, 2019
Privilege Escalation flaw found in Forcepoint VPN Client for Windows

Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. Security expert Peleg Hadar of SafeBreach Labs discovered a privilege escalation vulnerability, tracked as CVE-2019-6145, that affects all versions of VPN Client for Windows except the latest release. The […]