Wednesday, March 3, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

VPN users: If you’re on Fortinet, Palo Alto, Pulse Secure, patch now, warns spy agency

October 5, 2019
in Internet Security
VPN users: If you’re on Fortinet, Palo Alto, Pulse Secure, patch now, warns spy agency
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Chinese hackers are scanning the internet for Fortinet and Pulse Secure VPN servers
Security researchers spot Chinese state-sponsored hackers going after high-end enterprise VPN servers.

If your employees are using virtual private networks (VPNs) from Fortinet, Palo Alto, or Pulse Secure, you really need to patch the products and search through system logs for signs of compromise. 

You might also like

Linux Mint may start pushing high-priority patches to users

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

Google addresses customer data protection, security in Workspace

As ZDNet reported in September, a group of Chinese state-backed hackers known as APT5 have been attacking enterprise VPN servers using Fortinet and Pulse Secure products. 

But APT5 might not be the only state-sponsored hacking group attempting to use the flaws. The UK’s National Cyber Security Centre (NCSC), a unit of UK spy agency GCHQ, is now warning organizations that Palo Alto’s GlobalProtect portal and GlobalProtect Gateway interface products are also under attack by state-sponsored attackers.

“This activity is ongoing, targeting both UK and international organisations. Affected sectors include government, military, academic, business, and healthcare. These vulnerabilities are well documented in open source,” NCSC warns. 

NCSC highlights six of the highest-impact vulnerabilities across the products that are being exploited by APT groups. 

Patches for each vulnerability are available, and the agency is recommending admins update immediately to avoid compromise because exploit code for the bugs is available on the internet. 

Some of the bugs were detailed at Black Hat USA in August, shortly before attacks on Fortinet and Pulse Secure were first detected. 

The VPN flaws would allow attackers to gain authentication credentials that can be used to connect to the VPN and change configuration settings or provide privileges to use additional exploits to gain a root shell.

The bugs include two flaws affecting the Pulse Connect Secure VPN, CVE-2019-11510 and CVE-2019-11539; three vulnerabilities in Fortinet’s Fortigate devices, CVE-2018-13379, CVE-2018-13382 and CVE-2018-13383; and a critical remote code execution bug in Palo Alto’s GlobalProtect portal and GlobalProtect Gateway interface products, CVE-2019-1579.

In light of the attacks, the NCSC has provided detailed and product-specific instructions for admins to check logs for signs of past exploitation. 

For example, for CVE-2019-11510 affecting Pulse Secure, it suggest search logs for “URLs containing ? and ending with /dana/html5acc/guacamole/ (Regular Expression: ?.*dana/html5acc/guacamole/)”.

“If any are found dated before the patch was applied, it may indicate a compromise. The matching string will contain the name of the file the attacker attempted to read,” it notes. 

The Fortinet bug CVE-2018-13379 may have been exploited if admins find that sslvpn_websession was downloaded. The file is at least 200kB in size and contains the usernames and passwords of active users. 

For Palo Alto VPNs, it recommends searching logs for past crashes, which may have been caused by failed exploit attempts. 

The NCSC is recommending organizations targeted by state-backed hackers to check all VPN settings and carry out checks on logs for services such as email that users connect to the network through a VPN.

It also recommends wiping devices if they may have been compromised. Additionally, organizations should implement two-factor authentication for VPNs and disable unnecessary functionality and ports on the VPN. 

Credit: Zdnet

Previous Post

Packers Must Resurrect Vintage Aaron Rodgers to Overcome Cowboys

Next Post

We Need To Build Trust And Accountability Into The Use Of A.I.

Related Posts

Linux Mint may start pushing high-priority patches to users
Internet Security

Linux Mint may start pushing high-priority patches to users

March 3, 2021
Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root
Internet Security

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

March 3, 2021
Google addresses customer data protection, security in Workspace
Internet Security

Google addresses customer data protection, security in Workspace

March 2, 2021
Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC
Internet Security

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

March 2, 2021
Scientists have built this ultrafast laser-powered random number generator
Internet Security

Scientists have built this ultrafast laser-powered random number generator

March 2, 2021
Next Post
We Need To Build Trust And Accountability Into The Use Of A.I.

We Need To Build Trust And Accountability Into The Use Of A.I.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs
Marketing Technology

Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs

March 3, 2021
Linux Mint may start pushing high-priority patches to users
Internet Security

Linux Mint may start pushing high-priority patches to users

March 3, 2021
Microsoft Ignite Data and Analytics roundup: Platform extensions are the key theme
Big Data

Microsoft Ignite Data and Analytics roundup: Platform extensions are the key theme

March 3, 2021
An open-source machine learning framework to carry out systematic reviews
Machine Learning

An open-source machine learning framework to carry out systematic reviews

March 3, 2021
The Ways in Which Big Data can Transform Talent Management and Human Resources | by Amelia Jackson | Feb, 2021
Neural Networks

The Ways in Which Big Data can Transform Talent Management and Human Resources | by Amelia Jackson | Feb, 2021

March 3, 2021
Introducing Research Tuesdays: Tuesday’s daily brief
Digital Marketing

Introducing Research Tuesdays: Tuesday’s daily brief

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs March 3, 2021
  • Linux Mint may start pushing high-priority patches to users March 3, 2021
  • Microsoft Ignite Data and Analytics roundup: Platform extensions are the key theme March 3, 2021
  • An open-source machine learning framework to carry out systematic reviews March 3, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates