APT Using Multiple VPN Vulnerabilities:

Threat Watch

Threat Watch APT Using Multiple VPN Vulnerabilities:

APT Using Multiple VPN Vulnerabilities:

According to the NSA, multiple Advanced Persistent Threat (APT) actors have been exploiting multiple VPN vulnerabilities from several VPN products including Palo Alto GlobalProtect™ and Fortinet Fortigate™ products. These vulnerabilities allow threat actors to gain remote access to affected networks, which could result in breaches or worse. Patches are available from the VPN product vendors that mitigate the vulnerabilities. Although the advisory was issued in October 2019, current intelligence indicates that threat actors continue to exploit these unpatched VPN servers.

ANALYST NOTES

The following guidelines were provided by the NSA to prevent or mitigate VPN exploitation: • Immediately upgrade the VPN server software to the latest version. • Reset credentials before reconnecting the upgraded devices to an external network. • Review network accounts to ensure adversaries did not create new accounts. • Update VPN user, administrator, and service account credentials. • Revoke and create new VPN server keys and certificates. For more information, refer to: https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/1982939/nsa-cybersecurity-advisory-malicious-cyber-actors-leveraging-vpn-vulnerabilitie/

SCAM ALERT: Sophistication, Law Enforcement, and Money – Beware

COVID-19 Scams Run Rampant

Cybercriminals Using Coronavirus Scare to Spread Malware

Threats in Today’s Remote Work Force

Threat Watch

APT Using Multiple VPN Vulnerabilities:

ANALYST NOTES

Solutions

Industries

Resources

About

Contact Support

Threat Watch

APT Using Multiple VPN Vulnerabilities:

ANALYST NOTES

Subscribe to Threat Watch

Contact Support