Check Point released an emergency fix for a zero-day vulnerability being exploited to target its Remote Access VPN devices.
Remote Access VPNs are integrated into all Check Point networks via VPN clients and were targeted to try to breach corporate networks.
The company on Monday issued a warning about a spike in attacks targeting VPN devices, sharing recommendations on how admins can protect their devices. Later the problem was found to be a zero-day flaw that was being exploited by hackers.
At the time the company said it had witnessed multiple attempts that when analysed were found to have the same pattern.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
“The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled”, the company said in a blog post.
The company created an FAQ page with additional information about the vulnerability and created a remote access validation script that can be used to review results and take appropriate actions.
Check Point is the second company to have issued an alert warning customers of attacks on VPN devices. Earlier, Cisco also warned about widespread credential brute-forcing attacks targeting VPN and SSH services on Cisco, Check Point, Sonic Wall, Fortinet, and Ubiquiti devices.
The campaign reportedly started around 18 March with attacks originating from TOR exit nodes that are used to anonymize user access to a network to provide private web browsing increasing network security. The attack campaign was found using various anonymization tools and proxies to evade blocks, a report from Bleeping Computer said.
This post was originally published on the 3rd party site mentioned in the title of this this site
Email
Remove
SEE ALL