Remove Authentication Remove Information Security Remove VPN
article thumbnail

Check Point released hotfix for actively exploited VPN zero-day

Security Affairs

Check Point released hotfixes for a VPN zero-day vulnerability, tracked as CVE-2024-24919, which is actively exploited in attacks in the wild. Check Point released hotfixes to address a VPN zero-day vulnerability, tracked as CVE-2024-24919 , which is actively being exploited in attacks in the wild.

VPN 112
article thumbnail

Cisco warns of large-scale brute-force attacks against VPN and SSH services

Security Affairs

Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services.

VPN 132
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. The researchers referred to this result as “decloaking.”

VPN 123
article thumbnail

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Security Affairs

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN. It does not have ANY authentication.

VPN 129
article thumbnail

ASUS fixed critical remote authentication bypass bug in several routers

Security Affairs

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. impacting multiple devices.

article thumbnail

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN 121
article thumbnail

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x, x and Ivanti Policy Secure. x) and Ivanti Policy Secure. x) and Ivanti Policy Secure.

VPN 96