
Multiple Enterprise VPN Apps Allow Attackers to Bypass Authentication


Enterprise VPN applications developed by Palo Alto Networks, Pulse Secure, Cisco, and F5 Networks are storing authentication and session cookies insecurely, according to a DHS/CISA alert and a vulnerability note issued by CERT/CC, potentially allowing attackers to bypass authentication.

As detailed in the Common Weakness Enumeration database in CWE-311, the fact that an app fails to "encrypt sensitive or critical information before storage or transmission" could allow would-be attackers to intercept traffic data, read it and inject malicious code/data to perform a Man-in-the-Middle (MitM) attack.

The alert issued today by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) also states that a potential "attacker could exploit this vulnerability to take control of an affected system."

Also, the vulnerability note written by Carnegie Mellon University's Madison Oliver says that "If an attacker has persistent access to a VPN user's endpoint...(continued)
