VPN Archives - Securezoo

CISA adds 6 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include iOS, Microsoft, Fortinet, Citrix and Veeam vulnerabilities)

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 18, 2022 / Citrix, CVE-2022-26500, CVE-2022-26501, CVE-2022-27518, CVE-2022-42475, CVE-2022-42856, CVE-2022-44698, Defender, Fortinet, iOS, Microsoft, SmartScreen, VPN

The Cybersecurity and Infrastructure Security Agency (CISA) has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include iOS, Microsoft, Fortinet, Citrix and Veeam vulnerabilities.

Cisco releases Critical advisory for Small Business RV routers

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / August 7, 2022 / CVE-2022-20827, CVE-2022-20841, CVE-2022-20842, Router, Small Business, SMB, VPN, WAN

Cisco has released a Critical security update for three vulnerabilities in Small Business RV Routers. An unauthenticated, remote attacker could execute arbitrary code or cause a denial of service (DoS) condition on an unpatched device.

Mozilla patches local privilege escalation vulnerability in Mozilla VPN

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 25, 2022 / CVE-2022-0517, Mozilla, OpenSSL, VPN

The Mozilla Foundation has patched a High risk local privilege escalation vulnerability in Mozilla VPN.

Cisco releases Critical security update for multiple vulnerabilities in Small Business RV Routers

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 4, 2022 / Cisco, CVE-2022-20699, CVE-2022-20700, CVE-2022-20701, CVE-2022-20703, CVE-2022-20708, Gigabit, Networking, Router, Small Business, VPN, WAN

Cisco has released a Critical security update for multiple vulnerabilities in Small Business RV Routers. Several of those vulnerabilities are rated Critical severity and have the highest rated CVSS score of 10.0.

FBI alert: APT actors exploit 0-Day FatPipe VPN vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / November 21, 2021 / 0-day, FatPipe, FBI, MPVPN, VPN

The Federal Bureau of Investigation (FBI) has issued a report of advanced persistent threat (APT) actors exploiting 0-day FatPipe MPVPN networking devices since at least May of 2021.

Iranian state-sponsored APT actors target Microsoft Exchange and Fortinet vulnerabilities

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 18, 2021 / APT, ChamelGang, CVE-2018-13379, CVE-2019-5591, CVE-2020-12812, CVE-2021-34473, Exchange, Fortigate, Fortinet, ProxyShell, VPN

Iranian state-sponsored advanced persistent threat (APT) actors have been targeting and exploiting Microsoft Exchange and Fortinet vulnerabilities.

Palo Alto Networks fixes Critical PAN-OS vulnerability (CVE-2021-3064)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 13, 2021 / CVE-2021-3064, Gateway, GlobalProtect, Palo Alto Networks, PAN-OS, VPN

Palo Alto Networks has fixed a Critical PAN-OS vulnerability (CVE-2021-3064) in GlobalProtect Portal and Gateway Interfaces.

Citrix addresses Critical DoS vulnerability in ADC and Citrix Gateway products

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / November 11, 2021 / AAA virtual server, ADC, Citrix, CVE-2021-22955, Gateway, SD-WAN, VPN, WANOP

Citrix has addressed a Critical unauthenticated denial of service (DoS) vulnerability CVE-2021-22955 in ADC and Citrix Gateway products.

NSA and CISA release guidance on securing remote access VPNs

Access Control, Cybersecurity Articles, Identity & Access Management, Network Security / By Frank Crast / September 29, 2021 / CISA, CNSSP, NSA, TLS, VPN

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet selecting and securing remote access VPNs.

Threat actors breach South Korean atomic research institute via VPN vulnerability

Cybersecurity Attacks, Data Breach, Network Security, Vulnerabilities & Exploits / By Frank Crast / June 22, 2021 / Atomic Energy, KAERI, South Korea, VPN

Threat actors from suspected North Korea APT group Kimsuky breached a South Korean atomic research institute via a VPN vulnerability.